Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- public function Login($email, $password){
- $global $con;
- // If form isn't empty
- if($email != '' && $password != ''){
- // Secure user input from injection
- $email = $con->real_escape_string($email);
- $password = $con->real_escape_string($password);
- // Put entire list of users in a variable
- $users = $con->query("SELECT id, email, password FROM users");
- // Loop entire table
- while($user = $users->fetch_object()){
- # The only way for verification is with this,
- # as both email and passwords are encrypted.
- # At least this is the only solution I came up with.
- # So to check if a user exists, I have to mirror
- # their email with one in the database,
- # scanning the entire database for users.
- //If email matches one in the database
- if(password_verify($email, $user->email)){
- // if password matches the one currently in the loop.
- if(password_verify($password, $user->password)){
- // Put user ID inside the session 'uid' (stands for 'user id')
- $_SESSION['uid'] = $user->id;
- header('Location: admin');
- }else{
- // Error 1 = password incorrect
- header('Location: login/1');
- }
- }else{
- // Error 2 = nonexistent
- header('Location: login/2');
- }
- }
- }else{
- // Error 3 = inputs were empty
- header('Location: login/3');
- }
- }// End of Login-method
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
