<?php// start sessionsession_start();// connect to databaseinclude 'co

1. <?php
2. // start session
3. session_start();
4.  
5. // connect to database
6. include 'config/db_connect.php';
7.  
8.  
9.  
10. include 'database.php';
11. $pdo = Database::connect();
12.  
13.  
14.  
15.  
16. //If the POST var "login" exists (our submit button), then we can
17. //assume that the user has submitted the login form.
18. if(isset($_POST['login'])){
19.  
20. //Retrieve the field values from our login form.
21. $username = !empty($_POST['username']) ? trim($_POST['username']) : null;
22. $passwordAttempt = !empty($_POST['password']) ? trim($_POST['password']) : null;
23.  
24. //Retrieve the user account information for the given username.
25. $sql = "SELECT id, username, password FROM users WHERE username = :username";
26. $stmt = $pdo->prepare($sql);
27.  
28. //Bind value.
29. $stmt->bindValue(':username', $username);
30.  
31. //Execute.
32. $stmt->execute();
33.  
34. //Fetch row.
35. $user = $stmt->fetch(PDO::FETCH_ASSOC);
36.  
37. //If $row is FALSE.
38. if($user === false){
39. //Could not find a user with that username!
40.  
41. echo '<div class="alert alert-danger" role="alert">';
42. echo '<span class="glyphicon glyphicon-exclamation-sign" aria-hidden="true"></span>';
43. echo '<span class="sr-only">Error:</span>';
44. echo 'Enter a valid username';
45. echo '</div>';
46. } else{
47. //User account found. Check to see if the given password matches the
48. //password hash that we stored in our users table.
49.  
50. //Compare the passwords.
51. $validPassword = password_verify($passwordAttempt, $user['password']);
52.  
53. //If $validPassword is TRUE, the login has been successful.
54. if($validPassword){
55.  
56. //Provide the user with a login session.
57.  
58. $_SESSION['user_id'] = $user['id'];
59. $_SESSION['logged_in'] = time();
60. $_SESSION['username'] = $user['username'];
61.  
62.  
63.  
64. //Redirect to our protected page, which we called home.php
65. header('Location:products.php');
66. exit;
67.  
68. } else{
69. //$validPassword was FALSE. Passwords do not match.
70. echo '<div class="alert alert-danger" role="alert">';
71. echo '<span class="glyphicon glyphicon-exclamation-sign" aria-hidden="true"></span>';
72. echo '<span class="sr-only">Error:</span>';
73. echo 'Enter a valid password';
74. echo '</div>';
75. }
76. }
77.  
78. }
79. Database::disconnect();
80. if(!isset($_SESSION['user_id']) && empty($_SESSION['user_id']))
81.  
82. {
83.  
84. }
85.  
86. else{
87. header('Location:index.php');
88. }
89. ?>
90.  
91. <!DOCTYPE html>
92. <html>
93. <head>
94. <meta charset="UTF-8">
95. <title>Login</title>
96. </head>
97. <body>
98. <br><br>
99.  
100. <div class="login-forum form-group">
101.  
102. <form class="navbar-form login-forum" role="search" action="login.php" method="post">
103.  
104.  
105.  
106. <form action="login.php" method="post">
107. <label class="login-username" for="username">Username</label>
108.  
109. <div class="form-group">
110. <input class="form-control" type="text" id="username" name="username">
111. </div>
112. <br>
113. <label for="password">Password</label>
114. <div class="form-group">
115. <input class="login-password-input form-control" type="password" id="password" name="password">
116. </div>
117. <br><br><br><br>
118. <input style="width: 15%;" class="btn btn-lg btn-default" type="submit" name="login" value="Login">
119. </form>
120.  
121. </form>
122. </div>
123. </body>
124. </html>