Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- <html>
- <body>
- <?php error_reporting(-1); ini_set('display_errors', 'on'); ?>
- <?php
- session_start();
- //Declare username and password variable from login form
- $username = $_POST['username'];
- $password = $_POST['password'];
- //Connect to MySQL server
- $conn = new PDO('mysql:host=localhost;dbname=basiclogin', 'root', 'Password@1');
- try {
- $stmt = $conn->prepare("SELECT * FROM users WHERE username=?");
- $stmt->execute(array($username));
- $row_count = $stmt->rowCount();
- $results = $stmt->fetchAll(PDO::FETCH_ASSOC);
- }
- catch (PDOException $ex)
- {
- echo "Error.";
- //Write error to log
- }
- //Number of rows < 1 than user not found
- if($row_count < 1)
- {
- header('Location: index.php');
- }
- //TO BE REPLACED WITH CRYPT() FUNCTIONALITY
- $hash = hash('sha256', $results['0']['salt'] . hash('sha256', $password) );
- if($hash != $results['0']['password']) //incorrect password
- {
- //Return the user to the login page
- header('Location: login.php');
- }
- else
- {
- //Login Successful
- $_SESSION['authlevel'] = $results[0]['authlevel'];
- $_SESSION['is_logged_in'] = true;
- $_SESSION['member_name'] = $results[0]['username'];
- header("location: welcome.php");
- }
- ?>
- </body>
- </html>
Add Comment
Please, Sign In to add comment