
Untitled

a guest
Oct 16th, 2017
  1. <?php
  2. ob_start();
  3. session_start();
  4. require_once 'dbconnect.php';
  5. $gotopage = $GET_["q"];
  6.  
  7. // it will never let you open index(login) page if session is set
  8. if ( isset($_SESSION['user'])!="" ) {
  9. header("Location: home.php");
  10. exit;
  11. }
  12.  
  13. $error = false;
  14.  
  15. if( isset($_POST['btn-login']) ) {
  16.  
  17. // prevent sql injections/ clear user invalid inputs
  18. $email = trim($_POST['email']);
  19. $email = strip_tags($email);
  20. $email = htmlspecialchars($email);
  21.  
  22. $pass = trim($_POST['pass']);
  23. $pass = strip_tags($pass);
  24. $pass = htmlspecialchars($pass);
  25. // prevent sql injections / clear user invalid inputs
  26.  
  27. if(empty($email)){
  28. $error = true;
  29. $emailError = "Please enter your email address.";
  30. } else if ( !filter_var($email,FILTER_VALIDATE_EMAIL) ) {
  31. $error = true;
  32. $emailError = "Please enter valid email address.";
  33. }
  34.  
  35. if(empty($pass)){
  36. $error = true;
  37. $passError = "Please enter your password.";
  38. }
  39.  
  40. // if there's no error, continue to login
  41. if (!$error) {
  42.  
  43. $password = hash('sha256', $pass); // password hashing using SHA256
  44. $sql = "SELECT userId, userName, userPass FROM users WHERE userEmail='$email'";
  45. $res = mysqli_query($db,$sql);
  46. $row = mysqli_fetch_array($res,MYSQLI_ASSOC);
  47. $count = mysqli_num_rows($res);
  48. // if uname/pass correct it returns must be 1 row
  49.  
  50. if( $count == 1 && $row['userPass']==$password ) {
  51. $_SESSION['user'] = $row['userId'];
  52.  
  53. if( !isset($_GET['redirect']) ){
  54. $variable1 = $_GET['redirect'];
  55. header("Location:".$gotopage); exit;
  56. }else{
  57. header("Location: home.php");
  58.  
  59. }
  60. } else {
  61. $errMSG = "Incorrect Credentials, Try again...";
  62. }
  63.  
  64. }
  65.  
  66. }
  67. ?>
  68. <!DOCTYPE html>
  69. <html>
  70. <head>
  71. <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
  72. <title>Coding Cage - Login & Registration System</title>
  73. <link rel="stylesheet" href="assets/css/bootstrap.min.css" type="text/css" />
  74. <link rel="stylesheet" href="style.css" type="text/css" />
  75. </head>
  76. <body>
  77.  
  78. <div class="container">
  79.  
  80. <div id="login-form">
  81. <form method="post" action="<?php echo htmlspecialchars($_SERVER['PHP_SELF']); ?>" autocomplete="off">
  82.  
  83. <div class="col-md-12">
  84.  
  85. <div class="form-group">
  86. <h2 class="">Sign In.</h2>
  87. </div>
  88.  
  89. <div class="form-group">
  90. <hr />
  91. </div>
  92.  
  93. <?php
  94. if ( isset($errMSG) ) {
  95.  
  96. ?>
  97. <div class="form-group">
  98. <div class="alert alert-danger">
  99. <span class="glyphicon glyphicon-info-sign"></span> <?php echo $errMSG; ?>
  100. </div>
  101. </div>
  102. <?php
  103. }
  104.  
  105.  
  106.  
  107. ?>
  108.  
  109. <div class="form-group">
  110. <div class="input-group">
  111. <span class="input-group-addon"><span class="glyphicon glyphicon-envelope"></span></span>
  112. <input type="email" name="email" class="form-control" placeholder="Your Email" value="<?php echo $email; ?>" maxlength="40" />
  113. </div>
  114. <span class="text-danger"><?php echo $emailError; ?></span>
  115. </div>
  116.  
  117. <div class="form-group">
  118. <div class="input-group">
  119. <span class="input-group-addon"><span class="glyphicon glyphicon-lock"></span></span>
  120. <input type="password" name="pass" class="form-control" placeholder="Your Password" maxlength="15" />
  121. </div>
  122. <span class="text-danger"><?php echo $passError; ?></span>
  123. </div>
  124.  
  125. <div class="form-group">
  126. <hr />
  127. </div>
  128.  
  129. <div class="form-group">
  130. <button type="submit" class="btn btn-block btn-primary" name="btn-login">Sign In</button>
  131. </div>
  132.  
  133. <div class="form-group">
  134. <hr />
  135. </div>
  136.  
  137. <div class="form-group">
  138. <a href="register.php">Sign Up Here...</a>
  139. </div>
  140.  
  141. </div>
  142.  
  143. </form>
  144. </div>
  145.  
  146. </div>
  147.  
  148. </body>
  149. </html>
  150. <?php ob_end_flush(); ?>