<?phpsession_start();//Set up credentials// Create connection$link =

1. <?php
2. session_start();
3. //Set up credentials
4.  
5.  
6. // Create connection
7. $link = new mysqli($servername,$username,$password,$database) or die($mysqli->error);
8.  
9. //Start query
10. $username = $_POST['user_name'];
11. $password = $_POST['password'];
12.  
13. //prevent sql injection
14. $username = test_input($username);
15. //$password = test_input($password);
16.  
17. $sql = "SELECT * FROM userdata WHERE username='$username'";
18. $result = $link->query($sql);
19.  
20. //verify username
21. $num_results =0;
22. while ($row = $result->fetch_assoc()) {
23. if ($row['username'] == $username)
24. {
25. $num_results++;
26. }
27. }
28. //verify password
29. $sql = "SELECT * FROM userdata WHERE password='$password'";
30. $result = $link->query($sql);
31. $pass_results=0;
32. while ($row = $result->fetch_assoc()) {
33. if(password_verify($password, $row['password']))
34. {
35. header("location:userprofile.php");
36. }
37. }
38.  
39.  
40.  
41. if ($num_results == 1) {
42. $_SESSION["u"] = $username;
43.  
44. if($pass_results == 1)
45. {
46. header("location:userprofile.php");
47. }
48. else
49. {
50. echo "<h1>Unrecognized password. Please try again or register</h1>";
51. }
52. }
53. else
54. {
55. echo "<h1>Unrecognized username. Please try again or register</h1><br>";
56. }
57.  
58. //prevent sql injection
59. function test_input($data) {
60. $data = trim($data);
61. $data = stripslashes($data);
62. $data = htmlspecialchars($data);
63. return $data;
64. }
65.  
66. $result->close();
67. $link->close();
68. ?>