- <!-- Backend page. Checks login against database, then generates SESSION -->
- <?php
- // Include MySQL connection object ($db)
- include 'connect_mysql.php';
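// Report every error, but send it to the server log instead of the response.
// On a login endpoint a displayed warning or SQL error can expose query text,
// file paths and other internals to whoever submits the form.
error_reporting( E_ALL );
ini_set( "display_errors", 0 );
ini_set( "log_errors", 1 );

// Main execution block
// Validate before reading the fields, so the reads below never hit a missing index.
checkInputs();

// Get POSTed variables. A value that is not a plain string (for example
// username[]=x arrives as an array) is treated as empty, so only strings
// are handed to the login check.
$username = (isset($_POST["username"]) && is_string($_POST["username"])) ? $_POST["username"] : "";
$password = (isset($_POST["password"]) && is_string($_POST["password"])) ? $_POST["password"] : "";

// Strict comparison: only the integer 1 returned by checkLogin() counts as success.
if (checkLogin($username, $password) === 1) {
    // Generate session
    generateSession(getUserID($username));
} else {
    // TODO: Redirect to failure page
    // The message is the same for an unknown user and a wrong password, so the
    // response does not confirm which usernames exist.
    die("The login entered was incorrect. Please try again.");
}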
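/**
 * Stops the request with a message unless both login fields were POSTed.
 *
 * The check reads $_POST because that is where this script takes the username
 * and password from. $_REQUEST can also be populated from the query string or
 * cookies, so a request could satisfy a $_REQUEST check without carrying the
 * fields in its body.
 *
 * A field counts as present when it is a non-empty string. empty() is not used
 * because it also rejects the legitimate value "0".
 *
 * @return void Returns normally when both fields are present; otherwise die()s.
 */
function checkInputs() {
    $requiredFields = [
        'username' => "Username was missing. Please try again.",
        'password' => "Password was missing. Please try again.",
    ];

    foreach ($requiredFields as $field => $message) {
        $present = isset($_POST[$field])
            && is_string($_POST[$field])
            && $_POST[$field] !== '';

        if (!$present) {
            //TODO: Replace with error page.
            die($message);
        }
    }
}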
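/**
 * Returns whether the entered login is valid.
 *
 * Fetches the stored password hash for $username through a prepared statement
 * and checks $password against it with password_verify(). The username is bound
 * as a parameter, never concatenated into the SQL text, so quotes in the input
 * cannot change the query.
 *
 * The password is not compared inside SQL: password_hash() uses a fresh salt on
 * every call, so a newly computed hash never equals the stored one. Only
 * password_verify() can check a password against a stored hash.
 *
 * NOTE(review): assumes $db from connect_mysql.php is a mysqli connection, and
 * that users.password holds password_hash() output -- confirm both. Rows that
 * still hold plaintext passwords will stop validating and need to be migrated.
 *
 * @param string $username Login name as submitted.
 * @param string $password Plaintext password as submitted.
 * @return int 1 when the login is valid, 0 otherwise. Backend failures also
 *             return 0 (fail closed); details go to the error log, not the client.
 */
function checkLogin($username, $password) {
    // $db is created at file scope by connect_mysql.php; a function body cannot
    // see it without this declaration.
    global $db;

    if (!is_string($username) || !is_string($password)) {
        return 0;
    }
    if (!($db instanceof mysqli)) {
        error_log("checkLogin: no mysqli connection available");
        return 0;
    }

    $storedHash = null;
    $found = false;

    try {
        $stmt = mysqli_prepare($db, "SELECT password FROM users WHERE username = ? LIMIT 1");
        if ($stmt === false) {
            error_log("checkLogin: could not prepare query: " . mysqli_error($db));
            return 0;
        }

        mysqli_stmt_bind_param($stmt, "s", $username);
        if (mysqli_stmt_execute($stmt)) {
            mysqli_stmt_bind_result($stmt, $storedHash);
            // mysqli_stmt_fetch() gives true for a row, null for no row, false on error.
            $found = (mysqli_stmt_fetch($stmt) === true);
        } else {
            error_log("checkLogin: could not execute query: " . mysqli_stmt_error($stmt));
        }
        mysqli_stmt_close($stmt);
    } catch (Exception $e) {
        // mysqli can be configured to throw instead of returning false.
        error_log("checkLogin: database error: " . $e->getMessage());
        return 0;
    }

    if (!$found || !is_string($storedHash)) {
        return 0; // Unknown user
    }

    return password_verify($password, $storedHash) ? 1 : 0;
}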
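/**
 * Starts the authenticated session for a user.
 *
 * The session ID is regenerated before the user ID is stored. Without that, an
 * ID the browser held before logging in (possibly one chosen by someone else)
 * would become an authenticated session -- session fixation.
 *
 * session_start() has to send a cookie header, so nothing may be output before
 * this runs. In this file the HTML comment above the opening PHP tag is output.
 *
 * @param mixed $userID ID of the user who just logged in.
 * @return void No session is created when $userID is null or false.
 */
function generateSession($userID) {
    // A failed ID lookup must not produce a session that looks logged in.
    if ($userID === null || $userID === false) {
        error_log("generateSession: refusing to create a session without a user ID");
        return;
    }

    if (session_status() !== PHP_SESSION_ACTIVE) {
        session_start();
    }
    // Only regenerate when a session really is active; true deletes the old session data.
    if (session_status() === PHP_SESSION_ACTIVE) {
        session_regenerate_id(true);
    }

    $_SESSION["userID"] = $userID;
}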
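/**
 * Looks up the id of the user with the given username.
 *
 * Uses a prepared statement so the username is bound as data rather than
 * concatenated into the SQL text. Table and column names are written without
 * single quotes: in MySQL, single quotes make string literals, so 'id' would
 * select the constant text "id" and FROM 'users' is a syntax error.
 *
 * The value returned is the id column of the matching row, read with
 * mysqli_stmt_fetch(). mysqli_fetch_field() is not used because it returns
 * column metadata, not row data.
 *
 * NOTE(review): assumes $db from connect_mysql.php is a mysqli connection -- confirm.
 *
 * @param string $username Login name to look up.
 * @return mixed The user's id, or null when the user does not exist or the
 *               lookup fails (details go to the error log).
 */
function getUserID($username) {
    // $db is created at file scope by connect_mysql.php; a function body cannot
    // see it without this declaration.
    global $db;

    if (!is_string($username)) {
        return null;
    }
    if (!($db instanceof mysqli)) {
        error_log("getUserID: no mysqli connection available");
        return null;
    }

    $id = null;
    $found = false;

    try {
        $stmt = mysqli_prepare($db, "SELECT id FROM users WHERE username = ? LIMIT 1");
        if ($stmt === false) {
            error_log("getUserID: could not prepare query: " . mysqli_error($db));
            return null;
        }

        mysqli_stmt_bind_param($stmt, "s", $username);
        if (mysqli_stmt_execute($stmt)) {
            mysqli_stmt_bind_result($stmt, $id);
            // mysqli_stmt_fetch() gives true for a row, null for no row, false on error.
            $found = (mysqli_stmt_fetch($stmt) === true);
        } else {
            error_log("getUserID: could not execute query: " . mysqli_stmt_error($stmt));
        }
        mysqli_stmt_close($stmt);
    } catch (Exception $e) {
        // mysqli can be configured to throw instead of returning false.
        error_log("getUserID: database error: " . $e->getMessage());
        return null;
    }

    return $found ? $id : null;
}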
- ?>