- // index.php
- <?php
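require_once('authentication.php');

// Front page: greet the logged-in user, or show the login form when no session user exists.
if (authenticateSession()) {
    $username = $_SESSION['username'];
    // The username was supplied through the login form, so it is HTML-escaped
    // before being written into the page.
    echo "<p>Welcome, " . htmlspecialchars($username, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8') . "!</p>";
} else {
    include('login.html');
}

// For testing... (debug output; drop it once the login flow is verified)
// The key is absent for anonymous visitors, so fall back to an empty string
// instead of reading an undefined index, and escape it like the greeting above.
$debugUsername = isset($_SESSION['username']) ? $_SESSION['username'] : '';
echo "username: " . htmlspecialchars($debugUsername, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');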
- ?>
- // login.html
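<!-- Login form: posts the credentials to login.php.
     The form carries no anti-CSRF token; adding one would also need a matching check in login.php. -->
<form action="login.php" method="post">
    <div>
        <!-- id added so the label's "for" attribute actually binds to the field -->
        <label for="username">Username:</label>
        <input type="text" id="username" name="username" value="" placeholder="Username" autocomplete="username" required>
    </div>
    <div>
        <label for="password">Password:</label>
        <input type="password" id="password" name="password" value="" placeholder="Password" autocomplete="current-password" required>
    </div>
    <input type="submit" value="Submit">
</form>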
- // login.php
- <?php
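require_once('authentication.php');

// Login handler: check the posted credentials, then redirect back to index.php.
// A failed attempt is flagged with the err=cred query parameter.
$target = authenticateLogin() ? "./index.php" : "./index.php?err=cred";
header("Location: " . $target);

// Stop here so nothing added to this script later can run after the redirect is sent.
exit;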
- ?>
- // authentication.php
- <?php
/**
 * Reports whether the current request belongs to a logged-in user.
 *
 * Starts (or resumes) the PHP session and then looks for the 'username'
 * session key. Only the presence of the key is checked, not its value.
 *
 * @return bool true when $_SESSION['username'] is set, false otherwise.
 */
function authenticateSession() {
    session_start();

    return isset($_SESSION['username']);
}
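/**
 * Checks the credentials submitted via POST and, on success, records the user in the session.
 *
 * Reads $_POST['username'] and $_POST['password'], looks up the stored password for
 * that username through the PDO handle returned by getPDO() (loaded from database.php),
 * and compares the two.
 *
 * @return bool true when the credentials match and $_SESSION['username'] was set;
 *              false for missing or non-string fields, an unknown user, a wrong
 *              password, or a database error.
 */
function authenticateLogin() {
    // Both fields must be present and must be plain strings: a request can send
    // username[]=x, which would otherwise reach the query and the comparison as an array.
    if (!isset($_POST['username'], $_POST['password'])
        || !is_string($_POST['username'])
        || !is_string($_POST['password'])) {
        return false;
    }
    $username = $_POST['username'];
    $submittedPassword = $_POST['password'];

    // Loaded only once the request is well-formed.
    require_once('database.php');

    try {
        $dbh = getPDO();
        $stmt = $dbh->prepare("SELECT password FROM users WHERE username = :username");
        $stmt->bindParam(':username', $username);
        $stmt->execute();

        // rowCount() is not guaranteed to report SELECT results on every PDO driver;
        // fetch() returning false is the portable "no such user" signal.
        $row = $stmt->fetch();
        if ($row === false) {
            return false;
        }
        $storedPassword = (string) $row["password"];

        // The loose != comparison treated numeric-looking strings such as "0e1" and "0e2"
        // as equal. Values produced by password_hash() are checked with password_verify();
        // anything else is treated as a legacy plaintext value and compared in constant
        // time with hash_equals().
        // NOTE(review): plaintext rows should be migrated to password_hash() output.
        $storedInfo = password_get_info($storedPassword);
        if ($storedInfo['algoName'] !== 'unknown') {
            $passwordMatches = password_verify($submittedPassword, $storedPassword);
        } else {
            $passwordMatches = hash_equals($storedPassword, $submittedPassword);
        }
        if (!$passwordMatches) {
            return false;
        }

        // Without an active session the assignment below would only touch a local array
        // and the login would not survive the redirect.
        if (session_status() !== PHP_SESSION_ACTIVE) {
            session_start();
        }
        // Issue a fresh session id on login so a pre-set id cannot be reused (session fixation).
        session_regenerate_id(true);

        $_SESSION['username'] = $username;
        return true;
    } catch (PDOException $e) {
        // Keep driver error details out of the HTTP response; record them server-side
        // and report the attempt as a failed login.
        error_log('authenticateLogin: ' . $e->getMessage());
        return false;
    }
}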
- ?>