Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- <?php
- if(isset($_POST['submit'])){
- session_start();
- // configuration
- $dbhost = "localhost";
- $dbname = "login";
- $dbuser = ".";
- $dbpass = ".";
- // database connection
- $conn = new PDO("mysql:host=$dbhost;dbname=$dbname",$dbuser,$dbpass);
- $conn->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
- $conn->exec("SET CHARACTER SET utf8mb4");
- // new data
- $username = !empty($_POST['username']) ? trim($_POST['username']) : null;
- $passwordAttempt = !empty($_POST['password']) ? trim($_POST['password']) : null;
- // query
- $result = "SELECT id, username, password, banned FROM users WHERE username= :username AND banned = '0'";
- $stmt = $conn->prepare($result);
- $stmt->bindValue(':username', $username);
- $stmt->execute();
- $user = $stmt->fetch(PDO::FETCH_ASSOC);
- if($user === false){
- //Could not find a user with that username!
- //PS: You might want to handle this error in a more user-friendly manner!
- $error = "Incorrect username/password combination!";
- } else{
- //User account found. Check to see if the given password matches the
- //password hash that we stored in our users table.
- //Compare the passwords.
- $validPassword = password_verify($passwordAttempt, $user['password']);
- //If $validPassword is TRUE, the login has been successful.
- if($validPassword){
- $_SESSION['login_user'] = $username;
- header("location: home.php");
- exit;
- } else{
- $error = "Incorrect username/password combination!";
- }
- }
- }
- ?>
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement