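<?php
/* Sign-in to a session on the site.
   This page expects to receive a userName and a password via a POST request.
   If both are present and the password matches the hash stored for that user,
   the user name is stored in a session variable. In every case the browser is
   redirected back to the home page; on failure $_SESSION['signInErr'] holds
   the message set here.
*/
ini_set('session.use_strict_mode', '1');
session_start();
require 'database.php';
require 'pageElements.php';

// every exit path of this script redirects to the same page
$homePage = 'http://localhost/index.php';

// clear any previous session username
if (isset($_SESSION['userName'])) {
    unset($_SESSION['userName'], $_SESSION['password'], $_SESSION['signInErr']);
}

// check the form contains all the post data; is_string() rejects array-valued
// fields (userName[]=...), which trim() cannot handle
if (
    !isset($_POST['userName'], $_POST['password'])
    || !is_string($_POST['userName'])
    || !is_string($_POST['password'])
) {
    header('Location: ' . $homePage);
    exit();
}

// recover the form data
$userName = trim($_POST['userName']);
// NOTE(review): trimming the password is kept from the original; it is only
// correct if the page that stores the password trims it too - confirm.
$password = trim($_POST['password']);

// connect to the database
if (!connectToDb('centrolcollegedb')) {
    $_SESSION['signInErr'] = "Problem connecting to the database!";
    header('Location: ' . $homePage);
    exit();
}

// after this point we have an open DB connection
// $dbConnection is not defined in this file; presumably database.php provides
// it as a mysqli connection (the original called query()/num_rows/fetch_assoc()
// on it).

// Look the user up with a prepared statement. $userName comes straight from the
// request, so it is bound as a parameter and never placed in the SQL text.
// One query fetches both columns; the original ran two queries for them.
$statement = $dbConnection->prepare(
    'SELECT userName, password FROM userdata WHERE userName = ?'
);
if (
    $statement === false
    || !$statement->bind_param('s', $userName)
    || !$statement->execute()
) {
    // a failed query is reported instead of being dereferenced as a result set
    closeConnection();
    $_SESSION['signInErr'] = "Problem connecting to the database!";
    header('Location: ' . $homePage);
    exit();
}

// buffer the result so num_rows is known before fetching
$statement->store_result();

// check that the user is listed in the database (exactly one matching row)
// NOTE(review): "No such user!" and "Incorrect password!" let a client tell
// whether an account exists; consider one shared message for both cases.
if ($statement->num_rows !== 1) {
    $statement->close();
    closeConnection();
    $_SESSION['signInErr'] = "No such user!";
    header('Location: ' . $homePage);
    exit();
}

// get the user information; the user name is taken as stored in the database
$statement->bind_result($storedUserName, $hashed_password);
$statement->fetch();
$statement->close();

// close db connection
closeConnection();

// a NULL password column must fail verification rather than reach
// password_verify() as a non-string
if (!is_string($hashed_password) || !password_verify($password, $hashed_password)) {
    $_SESSION['signInErr'] = "Incorrect password! Please try again...";
    unset($_SESSION['userName'], $_SESSION['password']);
    header('Location: ' . $homePage);
    exit;
}

// Successful sign-in: issue a fresh session id so an id that was known before
// authentication cannot be reused for the signed-in session.
session_regenerate_id(true);

$_SESSION['userName'] = $storedUserName;
// NOTE(review): the password hash is kept in the session only because the
// original did so and other pages may read it. The session needs the user name
// alone; drop this entry once no page depends on it.
$_SESSION['password'] = $hashed_password;
unset($_SESSION['signInErr']);
header('Location: ' . $homePage);
exit;
?>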