<html> <body> Log in:<br/> <form action="create_session.php" method

1. <html>
2. <body>
3. Log in:<br/>
4. <form action="create_session.php" method="POST">
5. Username: <input type="text" id="username" name="username"><br>
6. Password: <input type="password" id="password" name="password"><br>
7. <input type="submit" value="Login" name="login" />
8. </form>
9. </body>
10. </html>
11.  
12.  
13. <?php
14. session_start();
15.  
16. if($_SERVER["REQUEST_METHOD"] == "POST")
17. {
18.  
19. $servername = "localhost";
20. $username = "root";
21. $password = "";
22. $dbname = "users";
23.  
24. $conn = new mysqli($servername, $username, $password, $dbname); //create connection
25.  
26. // Check connection
27. if ($conn->connect_error)
28. {
29. die("Connection failed: " . $conn->connect_error);
30. }
31.  
32. $myusername = mysqli_real_escape_string($conn,$_POST['username']);
33. $mypassword = mysqli_real_escape_string($conn,$_POST['password']);
34.  
35. //$sql = "SELECT user_type FROM users WHERE username = ? and password = ?";
36. $sql = "SELECT * FROM users WHERE username = ? and password = ?";
37. //$result = mysqli_query($db,$sql);
38. //$row = mysqli_fetch_array($result,MYSQLI_ASSOC);
39. //$active = $row['active'];
40. $stmt = $conn->prepare($sql);
41. $stmt->bind_param("ss", $myusername, $mypassword);
42. $stmt->execute();
43. $stmt->store_result();
44.  
45. $count = $stmt->num_rows;
46.  
47. // $stmt->bind_result($type);
48. // $count = mysqli_num_rows($result);
49. //echo "type".$type, $count;
50. // If result matched $myusername and $mypassword, table row must be 1 row
51. $stmt->fetch();
52. $stmt->close();
53. $conn->close();
54.  
55. if($count == 1)
56. {
57. //session_register("myusername");
58. $_SESSION['login_user'] = $myusername;
59. echo ("Login");
60. //echo $type;
61.  
62. /*
63. if($type == 0)
64. {
65. header("location: student_account.php");
66. }
67. else
68. {
69. header("location: professor_account.html");
70. }
71. */
72. }
73. else
74. {
75. $message = "Username and/or Password incorrect.\\nTry again.";
76. echo "<script type='text/javascript'>alert('$message');</script>";
77. header("location: login.html");
78. }
79. }
80.  
81. ?>