<?phprequire_once('includes/config.php');if ($user->is_logged_in()) { head

1. <?php
2. require_once('includes/config.php');
3. if ($user->is_logged_in()) {
4. header('Location: signup.php');
5. }
6. if (isset($_POST['submit'])) {
7. $username = filter_input(INPUT_POST, 'username');
8. $password = filter_input(INPUT_POST, 'password');
9. if ($user->login($username, $password)) {
10. $_SESSION['username'] = $username;
11. header('Location: index.php');
12. exit;
13. } else {
14. $error[] = 'Wrong username or password or your account has not been activated.';
15. }
16. }
17. ?>
18.  
19. private function get_user_hash($username){
20. try {
21. $stmt = $this->_db->prepare('SELECT password FROM members WHERE username = :username AND active="Yes" ');
22. $stmt->execute(array('username' => $username));
23. $row = $stmt->fetch();
24. return $row['password'];
25. } catch(PDOException $e) {
26. echo '<p class="bg-danger">'.$e->getMessage().'</p>';
27. }
28. }
29. public function login($username,$password){
30. $hashed = $this->get_user_hash($username);
31. if($this->password_verify($password,$hashed) == 1){
32. $_SESSION['loggedin'] = true;
33. return true;
34. }
35. }