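<?php
/*
 * Login endpoint: when the page is POSTed with action=validatelogin, the
 * submitted username/password are checked against the `users` table and a
 * short plain-text verdict is returned for the AJAX caller. Any other
 * request falls through to the HTML login form that follows this block.
 *
 * NOTE(review): nothing visible here limits repeated attempts or binds the
 * request to a CSRF token; both belong in front of this check.
 */
$action = (isset($_POST['action']) && is_string($_POST['action'])) ? $_POST['action'] : '';
if ($action === 'validatelogin') {
    // The caller writes this response into the page, so declare it as plain
    // text and keep the browser from sniffing it as markup.
    header('Content-Type: text/plain; charset=utf-8');
    header('X-Content-Type-Options: nosniff');

    // Placeholder connection settings. Real values should be loaded from
    // configuration kept outside the web root, not committed in this file.
    $DbHost = "localhost";
    $DbDatabase = "DATABASENAME";
    $DbUser = "USERNAME";
    $DbPassword = "PASSWORD";

    // POST fields can arrive as arrays (username[]=...); anything that is not
    // a string is treated as missing so it never reaches the query or
    // password_verify().
    $password = (isset($_POST['password']) && is_string($_POST['password'])) ? $_POST['password'] : '';
    $username = (isset($_POST['username']) && is_string($_POST['username'])) ? $_POST['username'] : '';
    if ($password === '') {
        die('Password cannot be blank!');
    }
    if ($username === '') {
        die('Username cannot be blank!');
    }

    try {
        // --- PDO Info
        $dsn = 'mysql:host=' . $DbHost . ';dbname=' . $DbDatabase;
        $DbOptions = array(
            PDO::MYSQL_ATTR_INIT_COMMAND => 'SET NAMES utf8',
            PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION,
            // Use server-side prepared statements instead of client-side emulation.
            PDO::ATTR_EMULATE_PREPARES => false,
        );
        $DBH = new PDO($dsn, $DbUser, $DbPassword, $DbOptions);

        // One lookup replaces the former COUNT(*) + SELECT pair.
        $q = $DBH->prepare("SELECT `pwhash` FROM `users` WHERE `username`=:username LIMIT 1");
        $q->bindValue(':username', $username, PDO::PARAM_STR);
        $q->execute();
        $row = $q->fetch(PDO::FETCH_ASSOC);
    } catch (PDOException $e) {
        // Keep driver details (host, database name, stack trace) in the server
        // log; the client only gets a generic failure.
        error_log('Login lookup failed: ' . $e->getMessage());
        http_response_code(500);
        die('Login temporarily unavailable');
    }

    $pwhash = (is_array($row) && isset($row['pwhash']) && is_string($row['pwhash'])) ? $row['pwhash'] : null;

    if ($pwhash !== null) {
        $granted = password_verify($password, $pwhash);
    } else {
        // Unknown username: do a comparable amount of hashing work anyway so
        // response time does not reveal which usernames exist. This assumes
        // stored hashes use the default algorithm and cost - TODO confirm.
        password_hash('timing-equalizer', PASSWORD_DEFAULT);
        $granted = false;
    }

    if ($granted) {
        // Session stuff, redirect.
        // When the session is implemented, call session_regenerate_id(true)
        // before storing the user identity to prevent session fixation.
        die('Login Granted');
    }

    // Same message for "no such user" and "wrong password".
    die('Invalid Username/Password');
}
?>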
- <!doctype html>
- <html>
- <head>
- </head>
- <body>
- <h4 id="result"></h4>
- username<br>
- <input type="text" id="username"/><br>
- password<br>
- <input type="password" id="password"/><br>
- <input type="button" value="login" onclick="ajaxLogin()"/><br>
- <script>
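// Posts the username and password fields to this same script and shows the
// server's plain-text verdict in the #result element.
// NOTE(review): the password travels in the request body, so the page must be
// served over HTTPS.
function ajaxLogin()
{
    var resultEl = document.getElementById('result');
    var username = encodeURIComponent(document.getElementById('username').value);
    var password = encodeURIComponent(document.getElementById('password').value);
    var params = "action=validatelogin&username=" + username + "&password=" + password;

    // SCRIPT_NAME is used instead of PHP_SELF because PHP_SELF includes
    // client-supplied path info; json_encode with the HEX flags emits the
    // name as a safely quoted JavaScript string literal.
    var url = <?= json_encode(basename($_SERVER['SCRIPT_NAME']), JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT) ?> + "?time=" + (new Date()).getTime();

    var http = new XMLHttpRequest();
    http.open("POST", url, true);
    http.setRequestHeader("Content-type", "application/x-www-form-urlencoded");
    http.onload = function ()
    {
        // onload only fires once the request has completed, so checking the
        // status is enough. textContent keeps the response from being parsed
        // as HTML if it ever carries markup.
        if (http.status === 200)
        {
            resultEl.textContent = http.responseText;
        }
        else
        {
            resultEl.textContent = 'Login request failed';
        }
    };
    http.onerror = function ()
    {
        resultEl.textContent = 'Login request failed';
    };
    http.send(params);
}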
- </script>
- </body>
- </html>