
Untitled

a guest
Jan 3rd, 2018
  1. <?php
  2. // Include config file
  3. require_once 'config.php';
  4.  
  5. // Define variables and initialize with empty values
  6. $username = $password = "";
  7. $username_err = $password_err = "";
  8. $bad_login_limit = 3;
  9. $lockout_time = 300;
  10.  
  11. // Processing form data when form is submitted
  12. if($_SERVER["REQUEST_METHOD"] == "POST"){
  13.  
  14. // Check if username is empty
  15. if(empty(trim($_POST["username"]))){
  16. $username_err = 'Please enter username.';
  17. } else{
  18. $username = trim($_POST["username"]);
  19. }
  20.  
  21. // Check if password is empty
  22. if(empty(trim($_POST['password']))){
  23. $password_err = 'Please enter your password.';
  24. } else{
  25. $password = trim($_POST['password']);
  26. }
  27.  
  28. // Validate credentials
  29. if(empty($username_err) && empty($password_err)){
  30. // Prepare a select statement
  31. $sql = "SELECT username, password FROM users WHERE username = ?";
  32. $sqlAttempt = "Select failedAttempts FROM users WHERE username = ?";//Should this be here? and is it right?
  33.  
  34. if($stmt = mysqli_prepare($link, $sql)){
  35. // Bind variables to the prepared statement as parameters
  36. mysqli_stmt_bind_param($stmt, "s", $param_username);
  37.  
  38. // Set parameters
  39. $param_username = $username;
  40.  
  41. // Attempt to execute the prepared statement
  42. if(mysqli_stmt_execute($stmt)){
  43. // Store result
  44. mysqli_stmt_store_result($stmt);
  45.  
  46. // Check if username exists, if yes then verify password
  47. if(mysqli_stmt_num_rows($stmt) == 1){
  48. // Bind result variables
  49. mysqli_stmt_bind_result($stmt, $username, $hashed_password);
  50. if(mysqli_stmt_fetch($stmt)){
  51. if(password_verify($password, $hashed_password)){
  52. /* Password is correct, so start a new session and
  53. save the username to the session */
  54. session_start();
  55. $_SESSION['username'] = $username;
  56. header("location: welcome.php");
  57. } else{
  58. // Display an error message if password is not valid
  59. $password_err = 'The password you entered was not valid.';
  60.  
  61. }
  62. }
  63. } else{
  64. // Display an error message if username doesn't exist
  65. $username_err = 'No account found with that username.';
  66. }
  67. } else{
  68. echo "Oops! Something went wrong. Please try again later.";
  69. }
  70. }
  71.  
  72. // Close statement
  73. mysqli_stmt_close($stmt);
  74. }
  75.  
  76. // Close connection
  77. mysqli_close($link);
  78. }
  79. ?>
  80.  
  81. <!DOCTYPE html>
  82. <html lang="en">
  83. <head>
  84. <meta charset="UTF-8">
  85. <title>Login</title>
  86. <link rel="stylesheet" href="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/css/bootstrap.css">
  87. <style type="text/css">
  88. body{ font: 14px sans-serif; }
  89. .wrapper{ width: 350px; padding: 20px; }
  90. </style>
  91. </head>
  92. <body>
  93. <div class="wrapper">
  94. <h2>Login</h2>
  95. <p>Please fill in your credentials to login.</p>
  96. <form action="<?php echo htmlspecialchars($_SERVER["PHP_SELF"]); ?>" method="post">
  97. <div class="form-group <?php echo (!empty($username_err)) ? 'has-error' : ''; ?>">
  98. <label>Username:<sup>*</sup></label>
  99. <input type="text" name="username"class="form-control" value="<?php echo $username; ?>">
  100. <span class="help-block"><?php echo $username_err; ?></span>
  101. </div>
  102. <div class="form-group <?php echo (!empty($password_err)) ? 'has-error' : ''; ?>">
  103. <label>Password:<sup>*</sup></label>
  104. <input type="password" name="password" class="form-control">
  105. <span class="help-block"><?php echo $password_err; ?></span>
  106. </div>
  107. <div class="form-group">
  108. <input type="submit" class="btn btn-primary" value="Submit">
  109. </div>
  110. <p>Don't have an account? <a href="register.php">Sign up now</a>.</p>
  111. </form>
  112. </div>
  113. </body>
  114. </html>