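<?php
/**
 * Login handler for the sign-in page.
 *
 * Validates the posted e-mail and password, looks the account up by e-mail,
 * and on success stores the user id in the session and redirects.
 * Presumably dbconnect.php provides the mysqli connection in $db - confirm.
 */
ob_start();
session_start();
require_once 'dbconnect.php';

// Post-login target. The value arrives in the query string and is therefore
// attacker-controllable, so it is only honoured when it is a plain same-site
// relative path to a .php page; anything else falls back to home.php. This
// closes the open redirect that an unchecked "Location:" value would create.
// (The original read the undefined variable $GET_ and tested the inverse of
// the condition it meant, so no requested target was ever used.)
// NOTE(review): the form posts to PHP_SELF, which carries no query string, so
// "q" only reaches this code if the caller preserves it - confirm the flow.
$gotopage = 'home.php';
$requested = isset($_GET['q']) ? $_GET['q'] : '';
if (is_string($requested)
    && preg_match('~\A[A-Za-z0-9_-]+(?:/[A-Za-z0-9_-]+)*\.php(?:\?[A-Za-z0-9_=&%.-]*)?\z~', $requested) === 1
) {
    $gotopage = $requested;
}

// An already authenticated visitor never sees the login form again.
if (isset($_SESSION['user'])) {
    header('Location: home.php');
    exit;
}

// Defaults for everything the form template echoes, so a plain GET request
// does not read undefined variables.
$error = false;
$email = '';
$emailError = '';
$passError = '';

if (isset($_POST['btn-login'])) {
    $postedEmail = (isset($_POST['email']) && is_string($_POST['email'])) ? $_POST['email'] : '';
    $postedPass = (isset($_POST['pass']) && is_string($_POST['pass'])) ? $_POST['pass'] : '';

    // strip_tags()/htmlspecialchars() do NOT prevent SQL injection; the
    // prepared statement below does. The normalisation is kept unchanged so
    // that $email stays safe to echo back into the form and so the values
    // still match what is stored.
    // NOTE(review): the password is altered before hashing; this is kept only
    // on the assumption that registration does the same - confirm.
    $email = htmlspecialchars(strip_tags(trim($postedEmail)));
    $pass = htmlspecialchars(strip_tags(trim($postedPass)));

    if (empty($email)) {
        $error = true;
        $emailError = "Please enter your email address.";
    } elseif (!filter_var($email, FILTER_VALIDATE_EMAIL)) {
        $error = true;
        $emailError = "Please enter valid email address.";
    }

    if (empty($pass)) {
        $error = true;
        $passError = "Please enter your password.";
    }

    // Only touch the database once the input has passed validation.
    if (!$error) {
        // NOTE(review): unsalted SHA-256 is a fast hash and unsuitable for
        // password storage. It is kept here only because userPass is compared
        // against this format; migrate to password_hash()/password_verify().
        $password = hash('sha256', $pass);

        $authenticated = false;
        $userId = null;
        $storedHash = null;

        // Bound parameter instead of string interpolation: the e-mail can
        // legally contain a single quote, which would otherwise break out of
        // the SQL string literal.
        $stmt = mysqli_prepare($db, 'SELECT userId, userPass FROM users WHERE userEmail = ?');
        if ($stmt !== false) {
            mysqli_stmt_bind_param($stmt, 's', $email);
            if (mysqli_stmt_execute($stmt)) {
                mysqli_stmt_store_result($stmt);
                mysqli_stmt_bind_result($stmt, $userId, $storedHash);
                // Exactly one matching account is required, as before.
                if (mysqli_stmt_num_rows($stmt) === 1 && mysqli_stmt_fetch($stmt) === true) {
                    // Constant-time, type-strict comparison; a loose "==" can
                    // treat two different "0e..." digests as equal numbers.
                    $authenticated = hash_equals((string) $storedHash, $password);
                }
            }
            mysqli_stmt_close($stmt);
        } else {
            // The visitor still gets the generic message below; details stay in the log.
            error_log('login: could not prepare the user lookup statement');
        }

        if ($authenticated) {
            // Issue a fresh session id at the privilege change so an id that
            // was fixed before login cannot be reused afterwards.
            session_regenerate_id(true);
            $_SESSION['user'] = $userId;
            header('Location: ' . $gotopage);
            exit; // stop here so the form is not rendered after the redirect
        }

        $errMSG = "Incorrect Credentials, Try again...";
    }
}
?>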
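<?php
// Sign-in form template. It echoes $errMSG, $email, $emailError and $passError,
// which the login handler above sets only in some request paths; each one is
// defaulted here so a plain GET request does not read an undefined variable.
// Values are escaped at the point of output. double_encode is disabled because
// the handler has already passed $email through htmlspecialchars().
// NOTE(review): maxlength="15" caps the password length in the browser only;
// confirm against the registration form before raising it.
$emailValue = isset($email) ? htmlspecialchars($email, ENT_QUOTES, 'UTF-8', false) : '';
$emailErrorText = isset($emailError) ? htmlspecialchars($emailError, ENT_QUOTES, 'UTF-8', false) : '';
$passErrorText = isset($passError) ? htmlspecialchars($passError, ENT_QUOTES, 'UTF-8', false) : '';
$errorBanner = isset($errMSG) ? htmlspecialchars($errMSG, ENT_QUOTES, 'UTF-8', false) : null;
?>
<!DOCTYPE html>
<html>
<head>
    <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
    <title>Coding Cage - Login &amp; Registration System</title>
    <link rel="stylesheet" href="assets/css/bootstrap.min.css" type="text/css" />
    <link rel="stylesheet" href="style.css" type="text/css" />
</head>
<body>
<div class="container">
    <div id="login-form">
        <form method="post" action="<?php echo htmlspecialchars($_SERVER['PHP_SELF'], ENT_QUOTES, 'UTF-8'); ?>" autocomplete="off">
            <div class="col-md-12">
                <div class="form-group">
                    <h2 class="">Sign In.</h2>
                </div>
                <div class="form-group">
                    <hr />
                </div>
                <?php if ($errorBanner !== null) { ?>
                <div class="form-group">
                    <div class="alert alert-danger">
                        <span class="glyphicon glyphicon-info-sign"></span> <?php echo $errorBanner; ?>
                    </div>
                </div>
                <?php } ?>
                <div class="form-group">
                    <div class="input-group">
                        <span class="input-group-addon"><span class="glyphicon glyphicon-envelope"></span></span>
                        <input type="email" name="email" class="form-control" placeholder="Your Email" value="<?php echo $emailValue; ?>" maxlength="40" />
                    </div>
                    <span class="text-danger"><?php echo $emailErrorText; ?></span>
                </div>
                <div class="form-group">
                    <div class="input-group">
                        <span class="input-group-addon"><span class="glyphicon glyphicon-lock"></span></span>
                        <input type="password" name="pass" class="form-control" placeholder="Your Password" maxlength="15" />
                    </div>
                    <span class="text-danger"><?php echo $passErrorText; ?></span>
                </div>
                <div class="form-group">
                    <hr />
                </div>
                <div class="form-group">
                    <button type="submit" class="btn btn-block btn-primary" name="btn-login">Sign In</button>
                </div>
                <div class="form-group">
                    <hr />
                </div>
                <div class="form-group">
                    <a href="register.php">Sign Up Here...</a>
                </div>
            </div>
        </form>
    </div>
</div>
</body>
</html>
<?php ob_end_flush(); ?>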