  1. <?php
  2. /* Sign-in to a session on the site.
  3.  
  4. This page expects to receive a userName via a post request. If it does,
  5. the value of userName is stored in a session variable. If it does not
  6. then the browser is redirected back to the home page.
  7. */
  8. ini_set('session.use_strict_mode', 1);
  9. session_start();
  10.  
  11. require 'database.php';
  12. require 'pageElements.php';
  13.  
  14.  
  15. // clear any previous session username
  16. if (isset($_SESSION['userName']))
  17. {
  18. unset($_SESSION['userName']);
  19. unset($_SESSION['password']);
  20. unset($_SESSION['signInErr']);
  21.  
  22. }
  23.  
  24. // check the form contains all the post data
  25. if (!(isset($_POST['userName']) && isset($_POST['password']))) {
  26. header('location:http://localhost/index.php');
  27. exit();
  28. }
  29.  
  30. // recover the form data
  31. $userName = trim($_POST['userName']);
  32. $password = trim($_POST['password']);
  33.  
  34. // connect to the database
  35. if (!connectToDb('centrolcollegedb'))
  36. {
  37. $_SESSION['signInErr'] = "Problem connecting to the database!";
  38. header('Location: http://localhost/index.php');
  39. exit();
  40. }
  41.  
  42.  
  43. // after this point we have an open DB connection
  44.  
  45.  
  46. // check that the user is listed in the database
  47. $userNameQuery = "SELECT userName FROM userdata WHERE userName='$userName'";
  48. $result = $dbConnection->query($userNameQuery);
  49. if ($result->num_rows != 1)
  50. {
  51. closeConnection();
  52. $_SESSION['signInErr'] = "No such user!";
  53. header('Location: http://localhost/index.php');
  54. exit();
  55. }
  56.  
  57.  
  58.  
  59. $userNameRow = $result->fetch_assoc();
  60. $userName = $userNameRow['userName'];
  61.  
  62. $passwordQuery = "SELECT password FROM userdata WHERE userName='$userName'";
  63. $result = $dbConnection->query($passwordQuery);
  64. if ($result->num_rows != 1)
  65. {
  66. closeConnection();
  67. $_SESSION['signInErr'] = "No such user!";
  68. header('Location: http://localhost/index.php');
  69. exit();
  70. }
  71.  
  72. // get the user information
  73. $passwordRow = $result->fetch_assoc();
  74. $hashed_password = $passwordRow['password'];
  75.  
  76. //close db connection
  77. closeConnection();
  78.  
  79.  
  80. if (!password_verify($password, $hashed_password))
  81. {
  82. $_SESSION['signInErr'] = "Incorrect password! Please try again...";
  83. unset($_SESSION['userName']);
  84. unset($_SESSION['password']);
  85. header('Location: http://localhost/index.php');
  86. exit;
  87. }
  88. else
  89. {
  90. $_SESSION['userName'] = $userName;
  91. $_SESSION['password'] = $hashed_password;
  92. unset($_SESSION['signInErr']);
  93. header('Location: http://localhost/index.php');
  94. exit;
  95. }
  96.  
  97.  
  98.  
  99. ?>