code

1. <?php
2. ini_set("session.save_path", "/home/unn_w16017186/sessionData");
3. session_start();
4. ?>
5. <!doctype html>
6. <html lang="en">
7. <head>
8. <meta charset="UTF-8" />
9. <title>Login process script</title>
10. <link href ="index.css" rel = "stylesheet" type = "text/css"/>
11. </head>
12. <body>
13. <ul>
14. <li><a href="index.html">Homepage</a></li> <!-- This is my navigation bar -->
15. <li><a href="adminPage.html">Admin</a></li>
16. <li><a href="loginForm.html">Login</a></li>
17. </ul>
18. <br>
19. <br>
20. <?php
21. $username = filter_has_var(INPUT_POST, 'username') ? $_POST['username']: null;
22. $username = trim($username);
23. $password = filter_has_var(INPUT_POST, 'password') ? $_POST['password']: null;
24. $password = trim($password);
25.  
26. if (empty($username) || empty($password)) {
27. echo "<p>You need to provide a username and password. Please try <a href='loginForm.html'>again</a>.</p>\n";
28. }
29. else {
30. try {
31. unset($_SESSION['username']);
32. unset($_SESSION['logged-in']);
33.  
34. require_once("functions.php");
35. $dbConn = getConnection();
36.  
37. $querySQL = "SELECT passwordHash FROM nbc_users WHERE username = :username";
38. $stmt = $dbConn->prepare($querySQL);
39. $stmt->execute(array(':username' => $username));
40. $user = $stmt->fetchObject();
41.  
42. if ($user) {
43. if (password_verify($password, $user->passwordHash)) {
44. echo "<h1>Login successful!</h1>\n";
45. echo "<a href='adminPage.html'>Admin Page</a>\n";
46.  
47. $_SESSION['logged-in'] = true;
48. $_SESSION['username'] = $username;
49.  
50. }
51. else {
52. echo "<p>The username or password were incorrect. Please try again</p>\n";
53. }
54. } else {
55. echo "<p>The username or password were incorrect. Please try again</p>\n";
56.  
57. }
58.  
59. } catch (Exception $e) {
60. echo "Record not found: " . $e->getMessage();
61.  
62. }
63.  
64.  
65. }
66. ?>
67. </body>
68. </html>