Login

1. <?php
2. include 'includes/header.php';
3. include 'includes/navbar.php';
4. ?>
5. <br>
6. <div class="container">
7.    <h2 style="text-align: center">Login</h2>
8.    <center>
9.        <form method="post">
10.            <div class="input-group mb-3" style="width: 30%">
11.                <div class="input-group-prepend">
12.                    <span class="input-group-text"><i class="fa fa-user prefix white-text"></i></span>
13.                </div>
14.                <input type="text" class="form-control" id="email"  placeholder="Username" name="username">
15.            </div>
16.            <div class="input-group mb-3" style="width: 30%">
17.                <div class="input-group-prepend">
18.                    <span class="input-group-text"><i class="fa fa-lock prefix white-text"></i></span>
19.                </div>
20.                <input type="password" class="form-control" id="pwd" style="width: 30%" placeholder="Password" name="password">
21.            </div>
22.            <button type="submit" class="btn btn-primary" name="login" style="width: 30%">Login</button><br><br>
23.            <a href="register.php" class="btn btn-primary" role="button" style="width: 30%">Not a member?</a>
24.        </form>
25.    </center>
26. </div>
27.  
28. <?php
29. if (isset($_POST['login'])) {
30. session_start();
31. include('includes/db_connect.php');
32.  
33.    $username  = $_POST['username'];
34.    $password = $_POST['password'];
35.    mysqli_real_escape_string($conn, $username);
36.    mysqli_real_escape_string($conn, $password);
37.    $query = "SELECT * FROM members WHERE username = '$username'";
38.    $result = mysqli_query($conn , $query) or die (mysqli_error($conn));
39.    if (mysqli_num_rows($result) > 0) {
40.        while ($row = mysqli_fetch_array($result)) {
41.            $matric = $row['matric'];
42.            $name = $row['name'];        
43.            $email = $row['email'];
44.            $semester = $row['semester'];
45.            $inasis = $row['inasis'];
46.            $phone = $row['phone'];
47.            $user = $row['username'];  
48.            $pass = $row['password'];
49.            $picture = $row['picture'];          
50.            $role= $row['role'];          
51.            $regdate = $row['regdate'];
52.  
53.  
54.            if (password_verify($password, $pass )) {
55.                    $_SESSION['matric'] = $matric;
56.                    $_SESSION['name'] = $name;
57.                    $_SESSION['email'] = $email;
58.                    $_SESSION['semester'] = $semester;
59.                    $_SESSION['inasis'] = $inasis;
60.                    $_SESSION['phone'] = $phone;
61.                    $_SESSION['username'] = $user;
62.                    $_SESSION['picture'] = $picture;
63.                    $_SESSION['regdate']  = $regdate;
64.                    $_SESSION['role'] = $role;
65.                    if($role=="member"){
66.                        header('location: m_index.php');
67.                    }elseif($role=="admin"){
68.                        header('location: a_index.php');
69.                    }
70.            }else {
71.                    echo "<script>alert('invalid username/password');
72.                   window.location.href= 'login.php';</script>";
73.            }
74.        }
75.    } else {
76.        echo "<script>alert('invalid username/password');
77.       window.location.href= 'login.php';</script>";
78.    }
79. }
80. ?>
81. </body>
82. </html>