public function LoginUser($username, $password){ // Check if user adn passwo

1. public function LoginUser($username, $password){
2. // Check if user adn password matches an user in database
3. if(isset($_POST['username'])){
4. $username = mysqli_real_escape_string($this->db, $username);
5. $password = mysqli_real_escape_string($this->db, $password);
6.  
7. $sql = "SELECT * FROM users WHERE name='$username'";
8. $result = mysqli_query($this->db, $sql) or die('Fel vid SQL-fråga - inloggning');
9.  
10. if(mysqli_num_rows($result)){
11. $row = mysqli_fetch_array($result);
12. $stored_password = $row['password'];
13. // check if hash_equals-function exists
14. if(function_exists("hash_equals")) {
15. //If excists
16. if(hash_equals($stored_password, crypt($password, $stored_password))) {
17. // create session
18. header("location: user/loggedin.php");
19. $_SESSION['login'] = $username;
20. }else{
21. echo '*WRONG!*';
22. }
23. }else{
24. //if not exists, use alternate method
25. if($stored_password == crypt($password, $stored_password)){
26. // create session that tells that we're logged in
27. header("location: ../user/loggedin.php");
28. $_SESSION['name'] = $username;
29. }else{
30. echo 'WRONG!';
31. }
32. }
33. }
34. }
35. }
36.  
37. <?php
38. // call class User.php, LoginUser
39. $users = new User();
40. if(isset($_POST['loginButton'])){
41. if($users->LoginUser($_POST['username'], $_POST['password'])){
42. //header("location: admin/admin.php");
43. }else{
44. echo 'wrong username or password';
45. }
46. }
47.  
48. if(hash_equals($stored_password, crypt($password, $stored_password))) {
49. // create session
50. header("location: user/loggedin.php");
51. $_SESSION['login'] = $username;
52.  
53. }else if($stored_password == crypt($password, $stored_password)){
54. // create session that tells that we're logged in
55. header("location: ../user/loggedin.php");
56. $_SESSION['name'] = $username;
57. }else{
58. echo 'WRONG!';
59. }
60.  
61. location: user/loggedin.php
62.  
63. location: ../user/loggedin.php