Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- <?php
- $db = new PDO('mysql:host=localhost;dbname=xxxxxxxxxxxxx;charset=utf8mb4', 'xxxxxxxxxxx', 'xxxxxxxxxxxxxxx');
- // First start a session. This should be right at the top of your login page.
- session_start();
- // Check to see if this run of the script was caused by our login submit button being clicked.
- if (isset($_POST['login-submit'])) {
- // Also check that our email address and password were passed along. If not, jump
- // down to our error message about providing both pieces of information.
- if (isset($_POST['emailaddress']) && isset($_POST['pass'])) {
- $user = $_POST['username'];
- $pass = $_POST['pass'];
- // Connect to the database and select the user based on their provided email address.
- // Be sure to retrieve their password and any other information you want to save for the user session.
- $pdo = new Database();
- $pdo->query("SELECT id, email, password, name, level FROM db_users WHERE user = :username");
- $pdo->bind(':username', $user);
- $row = $pdo->single();
- // If the user record was found, compare the password on record to the one provided hashed as necessary.
- // If successful, now set up session variables for the user and store a flag to say they are authorized.
- // These values follow the user around the site and will be tested on each page.
- if (($row !== false) && ($pdo->rowCount() > 0)) {
- if ($row['password'] == hash('sha256', $pass)) {
- // is_auth is important here because we will test this to make sure they can view other pages
- // that are needing credentials.
- $_SESSION['is_auth'] = true;
- $_SESSION['user_level'] = $row['level'];
- $_SESSION['user_id'] = $row['id'];
- $_SESSION['username'] = $row['username'];
- // Once the sessions variables have been set, redirect them to the landing page / home page.
- header('location: home.php');
- exit;
- }
- else {
- $error = "Invalid email or password. Please try again.";
- }
- }
- else {
- $error = "Invalid email or password. Please try again.";
- }
- }
- else {
- $error = "Please enter an email and password to login.";
- }
- }
- ?>
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement