authorize.php

1. <?php
2. ob_start();
3. session_start();
4. try {
5.     $dbh = new PDO('mysql:host=localhost;dbname=petrzilk_test', 'petrzilk_dbAdmin', '');
6. } catch(PDOException $e) {
7.     echo $e->getMessage();
8. }
9.  
10. $query = "SELECT * FROM users WHERE LOWER(email) = :email";
11. $stmt = $dbh->prepare($query);
12. $stmt->bindValue(':email', strtolower($_POST['email']));
13. $stmt->execute();
14.  
15. if ($stmt->rowCount() == 1) {
16.     $row = $stmt->fetch(PDO::FETCH_ASSOC);
17.     require('blowfish.class.php');
18.     $bcrypt = new Bcrypt(4);
19.     if ($bcrypt->verify($_POST['password'], $row['password'])){
20.         session_regenerate_id();
21.     $_SESSION['sess_user_id'] = $row['uid'];
22.     $_SESSION['sess_email'] = $row['email'];
23.         $_SESSION['sess_name'] = $row['fname'] . " " . $row['lname'];
24.     session_write_close();
25.         header("Location: index.php");
26.     }
27. }
28.  
29. ?>