Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- if (isset($_POST['Login'])) {
- $username = $_POST['email'];
- $store_password = $_POST['pword'];
- check($username, $store_password);
- }
- function check($username, $pword){
- $conn = mysqli_connect('localhost', 'root', 'root', 'Registrar');
- $check = "SELECT * FROM Users WHERE email='$username'";
- $check_q = mysqli_query($conn, $check) or die("<div class='loginmsg'>Error on checking Username<div>");
- if (mysqli_num_rows($check_q) == 1) {
- login($username, $pword);
- }
- else{
- echo "<div id='loginmsg'>Wrong Email or Password</div>";
- }
- }
- function login($username, $pword){
- $conn = mysqli_connect('localhost', 'root', 'root', 'Registrar');
- $login = "SELECT * FROM Users WHERE email='$username' and pword='$pword'";
- $login_q = mysqli_query($conn, $login) or die('Error on checking Username and Password');
- if (mysqli_num_rows($login_q) == 1){
- header('Location: account.php');
- echo"<div id='loginmsg'> Logged in as $username </div>";
- $_SESSION['username'] = $username;
- }
- else {
- echo "<div id='loginmsg'>Wrong Password </div>";
- }
- }
- $uname = $_POST['uname'];
- $email = $_POST['email'];
- $pword = $_POST['pword'];
- $store_password = password_hash('pword', PASSWORD_BCRYPT, array('cost' => 10));
- if (password_verify($given_password, $stored_password)) {
- echo 'Password is valid!';
- } else {
- echo 'Invalid password.';
- }
- function login($username, $pword){
- $conn = mysqli_connect('localhost', 'root', 'root', 'Registrar');
- $login = "SELECT email, pword FROM Users WHERE email='$username'";
- $login_q = mysqli_query($conn, $login) or die('Error on checking Username and Password');
- if (mysqli_num_rows($login_q) == 1){
- if(password_verify($pword, mysqli_fetch_field($login_q,1))){
- header('Location: account.php');
- echo"<div id='loginmsg'> Logged in as $username </div>";
- $_SESSION['username'] = $username;
- }
- else {
- echo "<div id='loginmsg'>Wrong Password </div>";
- }
- }
- else {
- echo "<div id='loginmsg'>Unknown Username </div>";
- }
- }
- // This is just simple but you can make this as elaborate as you want, but
- // if you always use the same function to connect, you will will find troubleshooting
- // that much easier.
- function connection()
- {
- return new PDO('mysql:host=localhost;dbname=Registrar','root','root');
- }
- // You want to make a simple validation function where that's all it does,
- // you don't want to put a bunch of html in here because you can reuse this function
- // elsewhere in other scripts if need be.
- function validate($email,$password,$con)
- {
- // Just look up by email only
- $sql = "SELECT * FROM `Users` WHERE `email`= ?";
- $query = $con->prepare($sql);
- $query->execute(array($email));
- $result = $query->fetch(PDO::FETCH_ASSOC);
- // If you don't get a row, just return false (didn't validate)
- if(empty($result['email']))
- return false;
- // $result['password'] should have been stored as a hash using password_hash()
- return password_verify($password,$result['password']);
- }
- // Do a quick updater to make it easier on yourself.
- // You don't use this in this script but it gives you an idea about what to
- // do when you are saving passwords via password_hash()
- function updatePassword($email,$password,$con)
- {
- $hash = password_hash($password, PASSWORD_DEFAULT);
- $sql = 'UPDATE `Users` set `password` = ? where `email` = ?';
- $query = $con->prepare($sql);
- $query->execute(array($hash,$email));
- }
- session_start();
- $con = connection();
- // Check there is a post and that post is valid email address
- // At this point you can add more messaging for errors...
- if(!empty($_POST['email']) && filter_var($_POST['email'],FILTER_VALIDATE_EMAIL)) {
- // Run our validation function
- $valid = validate($_POST['email'],$_POST['password'],$con);
- if($valid) {
- $_SESSION['username'] = $_POST['email'];
- header('Location: account.php');
- exit;
- }
- else {
- die("<div id='loginmsg'>Wrong Password</div>");
- }
- }
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement