Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- <?php
- session_start();
- ?>
- <!DOCTYPE html>
- <html>
- <head>
- <title>Login</title>
- </head>
- <body>
- <form method="post">
- <label>Username:</label>
- <input type="text" name="username" id="username" placeholder="username">
- <br>
- <label>Password:</label>
- <input type="password" name="password" id="password" placeholder="******">
- <br>
- <input type="submit" name="submit" id="submit" value="Login">
- </form>
- <?php
- if (isset($_POST['submit'])) {
- //database
- include("../secure/database.php");
- //connecting to server
- $link=mysqli_connect(HOST,USERNAME,PASSWORD,DBNAME) or die("Connect Error ".mysqli_error($link));
- if (empty($_POST['username']) || empty($_POST['password'])) {
- echo "Username or Password is empty";
- }
- else{
- findUser(htmlspecialchars($_POST['password']),htmlspecialchars($_POST['username']),$link);
- }
- }
- function findUser($password, $username,$link){
- $query="SELECT password FROM login WHERE user_name=?";
- $stmt = $link->stmt_init();
- $stmt= $link->prepare($query) or die("Prepare error: ".mysqli_error($link));
- $stmt->bind_param("s", $username) or die("Bind error".mysqli_error($link));
- $stmt->execute() or die("Execution error".mysqli_error($link));
- $result = mysqli_stmt_get_result($stmt);
- print_r($result);
- while($row=mysqli_fetch_array($result,MYSQLI_ASSOC)){
- $password_hash=$row['password'];
- echo $row['password'];
- }
- //return the result
- if($result->num_rows==1){
- if(password_verify($password,$password_hash)){
- $_SESSION['login_user']=$username;
- mysqli_close($link);
- header('location: profile.php');
- }
- }
- else{
- echo 'Username or Password is invalid';
- }
- }
- ?>
- </body>
- </html>
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement