Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- <?php
- // start session
- session_start();
- // connect to database
- include 'config/db_connect.php';
- include 'database.php';
- $pdo = Database::connect();
- //If the POST var "login" exists (our submit button), then we can
- //assume that the user has submitted the login form.
- if(isset($_POST['login'])){
- //Retrieve the field values from our login form.
- $username = !empty($_POST['username']) ? trim($_POST['username']) : null;
- $passwordAttempt = !empty($_POST['password']) ? trim($_POST['password']) : null;
- //Retrieve the user account information for the given username.
- $sql = "SELECT id, username, password FROM users WHERE username = :username";
- $stmt = $pdo->prepare($sql);
- //Bind value.
- $stmt->bindValue(':username', $username);
- //Execute.
- $stmt->execute();
- //Fetch row.
- $user = $stmt->fetch(PDO::FETCH_ASSOC);
- //If $row is FALSE.
- if($user === false){
- //Could not find a user with that username!
- echo '<div class="alert alert-danger" role="alert">';
- echo '<span class="glyphicon glyphicon-exclamation-sign" aria-hidden="true"></span>';
- echo '<span class="sr-only">Error:</span>';
- echo 'Enter a valid username';
- echo '</div>';
- } else{
- //User account found. Check to see if the given password matches the
- //password hash that we stored in our users table.
- //Compare the passwords.
- $validPassword = password_verify($passwordAttempt, $user['password']);
- //If $validPassword is TRUE, the login has been successful.
- if($validPassword){
- //Provide the user with a login session.
- $_SESSION['user_id'] = $user['id'];
- $_SESSION['logged_in'] = time();
- $_SESSION['username'] = $user['username'];
- //Redirect to our protected page, which we called home.php
- header('Location:products.php');
- exit;
- } else{
- //$validPassword was FALSE. Passwords do not match.
- echo '<div class="alert alert-danger" role="alert">';
- echo '<span class="glyphicon glyphicon-exclamation-sign" aria-hidden="true"></span>';
- echo '<span class="sr-only">Error:</span>';
- echo 'Enter a valid password';
- echo '</div>';
- }
- }
- }
- Database::disconnect();
- if(!isset($_SESSION['user_id']) && empty($_SESSION['user_id']))
- {
- }
- else{
- header('Location:index.php');
- }
- ?>
- <!DOCTYPE html>
- <html>
- <head>
- <meta charset="UTF-8">
- <title>Login</title>
- </head>
- <body>
- <br><br>
- <div class="login-forum form-group">
- <form class="navbar-form login-forum" role="search" action="login.php" method="post">
- <form action="login.php" method="post">
- <label class="login-username" for="username">Username</label>
- <div class="form-group">
- <input class="form-control" type="text" id="username" name="username">
- </div>
- <br>
- <label for="password">Password</label>
- <div class="form-group">
- <input class="login-password-input form-control" type="password" id="password" name="password">
- </div>
- <br><br><br><br>
- <input style="width: 15%;" class="btn btn-lg btn-default" type="submit" name="login" value="Login">
- </form>
- </form>
- </div>
- </body>
- </html>
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement