<?phpinclude_once "mmoconnection.php"; $mydata = json_decode(file_get_co

1. <?php
2.  
3. include_once "mmoconnection.php";
4.  
5. $mydata = json_decode(file_get_contents('php://input'));
6.  
7. $login = $mydata["login"];
8. $pass = $mydata["password"];
9.  
10. $stmt = $conn->prepare("SELECT id, password FROM users WHERE username = ? ");
11.  
12. $stmt->bind_param("s", $login); // "s" means the database expects a string
13.  
14. $stmt->execute();
15.  
16. $stmt->bind_result($row_id, $row_hash);
17.  
18. if ($stmt->fetch()) {
19.  
20. if ( password_verify($pass, $row_hash) ) {
21.  
22. $userid = $row_id;
23.  
24. $stmt->close();
25.  
26. $sql ="DELETE FROM active_logins WHERE user_id =".$userid; //no need to use a prepared statement here
27. $old_sessions = $conn->query($sql);
28.  
29. $randomstring = substr(md5(rand()), 7, 10);
30. $sql ="INSERT INTO `active_logins` VALUES ('{$userid }', '{$randomstring}', NULL )"; //no need to use a prepared statement here
31. $generatekey = $conn->query($sql);
32.  
33. echo json_encode(array('status'=>"OK", 'sessionkey'=>$randomstring, 'userid'=> $userid));
34.  
35. }
36. else echo json_encode(array('status'=>'Login information is incorrect. Check your username and password.')); //wrong password
37.  
38. }
39. else echo json_encode(array('status'=>'Login information is incorrect. Check your username and password.')); //no such username
40.  
41.  
42. ?>