Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- <?php
- require_once( 'db-connect.php' );
- session_name( 'a' ); // The session name must be one word
- session_start();
- if( isset( $_SESSION['id'] ) && isset( $_SESSION['name'] ) ) {
- $id = $_SESSION['id'];
- $name = $_SESSION['name'];
- $logged_in = true;
- }
- else {
- $logged_in = false;
- }
- $username = $_POST['username'];
- $password = $_POST['password'];
- print '<p>Attempting to login user '.$username.'...';
- // Prepare a SELECT statement to get the user details from the DB
- $statement = mysqli_prepare( $link, "SELECT id, name, pass
- FROM authors
- WHERE name=?");
- if( $statement ) {
- // Bind in the supplied username
- mysqli_stmt_bind_param( $statement, 's', $username );
- // Run the statement
- mysqli_stmt_execute( $statement );
- // Supply empty variables for the user's record data
- mysqli_stmt_bind_result( $statement, $id ,$name, $pass);
- print '<p>Checking for matching user...';
- // Get the matching record (if any)
- if( mysqli_stmt_fetch( $statement ) ) {
- print '<p>User account found. Checking password...';
- if( ( $password) == $pass )
- // Password hashes match. Store the session information
- $_SESSION["id"] = $id;
- $_SESSION["name"] = $username;
- // Head back to the home page after letting the user know
- print '<p>Password is correct⦠Success!';
- header( 'refresh:2;url=index.php' );
- }
- else {
- // Incorrect password... try again
- print '<p class="error">Incorrect password!';
- header( 'refresh:20;url=form-login.php' );
- }
- }
- else {
- // No user account exists. Invalid login... try again
- print '<p class="error">Unknown user!';
- header( 'refresh:2;url=form-login.php' );
- }
- // Close the prepared statement.
- mysqli_stmt_close( $statement );
- // Close the database connection
- mysqli_close( $link );
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
