<!DOCTYPE html> <html> <head> <title>Login</title> </head> <body><c

1. <!DOCTYPE html>
2. <html>
3. <head>
4.   <title>Login</title>
5. </head>
6. <body>
7. <center>
8. <form action="?login=1" method="post">
9. E-Mail:<br>
10. <input type="email" size="40" maxlength="250" name="email"><br><br>
11.  
12. Passwort:<br>
13. <input type="password" size="40"  maxlength="250" name="passwort"><br>
14.  
15. <input type="submit" value="Anmelden">
16. </form>
17. </center>
18.  
19.  
20. <?php
21. session_start();
22. $pdo = new PDO('mysql:host=localhost;dbname=users', 'admin', 'pw') or die("Connect failed: %s\n". $conn -> error);
23.  
24. include openconn.php;
25. $conn = OpenCon();
26.  
27. echo "Connected Successfully";
28.  
29. CloseCon($conn);
30. //include 'db_connection.php';
31. //$dbhost = "localhost";
32. //$dbuser = "admin";
33. //$dbpass = "pw";
34. //$db = "users";
35.  
36. //$pdo = new mysqli($dbhost, $dbuser, $dbpass,$db) or die("Connect failed: %s\n". $conn -> error);
37.  
38.  
39. if(isset($_GET['login'])) {
40.  $email = $_POST['email'];
41.  $passwort = $_POST['passwort'];
42.  
43.  $statement = $pdo->prepare("SELECT * FROM users WHERE email = :email");
44.  $result = $statement->execute(array('email' => $email));
45.  $user = $statement->fetch();
46.  
47.  //Überprüfung des Passworts
48.  if ($user !== false && password_verify($passwort, $user['passwort'])) {
49.  $_SESSION['userid'] = $user['id'];
50.  die('Login erfolgreich. Weiter zu <a href="geheim.php">internen Bereich</a>');
51.  } else {
52.  $errorMessage = "E-Mail oder Passwort war ungültig<br>";
53.  echo "Fehler";
54.  }
55.  
56. }
57. if(isset($errorMessage)) {
58.   echo $errorMessage;
59.  }
60. ?>
61.  
62. </body>
63. </html>