Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- <?php
- include("globals/layout/header.php");
- $error_styles1 = "<center><div class=\"error-bg\"><div class=\"error-body\">";
- $error_styles2 = "</div></div></center>";
- // General Input Errors
- $fill_all = $error_styles1. "Please fill in the entire form!".$error_styles2;
- $invalid_user = $error_styles1. "That user doesn't exist. ".$error_styles2;
- $invalid_password = $error_styles1. " The password you entered is invalid. ".$error_styles2;
- // check if user is logged in
- if(!$_SESSION["user"]) {
- // pull data from login form
- if(isset($_POST['login'])) {
- $login_name = mysqli_real_escape_string(strip_tags(($db,$_POST['login_name']));
- $password = mysqli_real_escape_string(strip_tags($db,$_POST['password']));
- if(!$login_name || !$password) {
- echo $fill_all;
- } else {
- // pull user information
- $query = "SELECT * FROM users WHERE login_name = '".$login_name."'";
- $login_info = mysqli_query($db, $query);
- $infoget = mysqli_fetch_array($login_info);
- $uservalid = mysqli_num_rows(mysqli_query($db, "SELECT * FROM users WHERE `login_name` = '".$login_name."'"));
- $hash = $infoget['password'];
- if($uservalid == 0) {
- echo $invalid_user;
- } else {
- // check that password matches
- if (password_verify($password, $hash)) {
- $_SESSION["id"] = $infoget["id"];
- $ip=$_SERVER['REMOTE_ADDR'];
- $time=time();
- print '<script language="Javascript">document.location.href=\'news.php\' ;</script>';
- } else {
- echo $invalid_password;
- }
- }
- }
- }
- }
- ?>
- <?php include("globals/layout/footer.php"); ?>
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
