<?phpsession_start();include('includes/functions.php');// if login for

1. <?php
2. session_start();
3.  
4. include('includes/functions.php');
5.  
6. // if login form was submitted
7. if( isset( $_POST['login'] ) ) {
8.  
9. // create variables
10. // wrap data with validate function
11. $formEmail = validateFormData( $_POST['email'] );
12. $formPass = validateFormData( $_POST['password'] );
13.  
14. // connect to database
15. include('includes/connection.php');
16.  
17. // create query
18. $query = "SELECT name, password FROM users WHERE email='$formEmail'";
19.  
20. // store the result
21. $result = mysqli_query( $conn, $query );
22.  
23. // verify if result is returned
24. if( mysqli_num_rows($result) > 0 ) {
25.  
26. // store basic user data in variables
27. while( $row = mysqli_fetch_assoc($result) ) {
28. $name = $row['name'];
29. $hashedPass = $row['password'];
30. }
31.  
32. // verify hashed password with submitted password
33. if( password_verify( $formPass, $hashedPass ) ) {
34.  
35. // correct login details!
36. // store data in SESSION variables
37. $_SESSION['loggedInUser'] = $name;
38.  
39. // redirect user to clients page
40. header( "Location: clients.php" );
41.  
42. } else { // hashed password didn't verify
43.  
44. // error message
45. $loginError = "<div class='alert alert-danger'>Wrong username / password combination. Please try again.</div>";
46. }
47.  
48. } else { // no results in database
49.  
50. // alert error message
51. $loginError = "<div class='alert alert-danger'>The user cannot be found in database. Please try again. <a class='close' data-dismiss='alert'>&times;</a></div>";
52. }
53.  
54. }
55.  
56. // close mysql connection
57. mysqli_close($conn);
58.  
59. include('includes/header.php');
60.  
61. //$password = password_hash("abc123", PASSWORD_DEFAULT);
62. //echo $password;
63.  
64. ?>
65.  
66. <h1>Client Address Book</h1>
67. <p class="lead">Log in to your account.</p>
68.  
69. <?php echo $loginError; ?>
70.  
71. <form class="form-inline" action="<?php echo htmlspecialchars( $_SERVER['PHP_SELF'] ); ?>" method="post">
72. <div class="form-group">
73. <label for="login-email" class="sr-only">Email</label>
74. <input type="text" class="form-control" id="login-email" placeholder="email" name="email" value="<?php echo $formEmail; ?>">
75. </div>
76. <div class="form-group">
77. <label for="login-password" class="sr-only">Password</label>
78. <input type="password" class="form-control" id="login-password" placeholder="password" name="password">
79. </div>
80. <button type="submit" class="btn btn-primary" name="login">Login</button>
81. </form>
82.  
83. <?php
84. include('includes/footer.php');
85. ?>