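<?php
// Login handler for the form rendered further down this page.
// On success it stores the member's id and username in the session; on failure
// it leaves a generic message in $invalid for the template to show.
error_reporting(E_ALL & ~E_NOTICE);
session_start();

// Always defined, so the template can echo it even when nothing was posted.
$invalid = '';

// Require both fields as plain strings; array-valued parameters
// (e.g. username[]=x) must never reach the query or the comparison.
$hasCredentials = isset($_POST['username'], $_POST['password'])
    && is_string($_POST['username'])
    && is_string($_POST['password'])
    && !empty($_POST['username'])
    && !empty($_POST['password']);

if ($hasCredentials) {
    include_once("connect.php"); // expected to provide the mysqli connection $dbCon (file not shown here)

    // strip_tags() is an HTML filter, not a SQL defence, and it silently
    // alters passwords that contain '<'. Take the raw values and let the
    // prepared statement keep them out of the SQL text.
    // NOTE(review): if the registration code also ran strip_tags() before
    // storing credentials, confirm existing accounts still match.
    $username = $_POST['username'];
    $password = $_POST['password'];

    $userId = null;
    $dbUsername = null;
    $dbPasswordHash = null;
    $found = false;

    // The username is bound as a parameter: it is data, never part of the query.
    $stmt = mysqli_prepare(
        $dbCon,
        "SELECT id, username, password FROM members WHERE username = ? AND activated = '1' LIMIT 1"
    );
    if ($stmt !== false) {
        mysqli_stmt_bind_param($stmt, 's', $username);
        if (mysqli_stmt_execute($stmt)) {
            mysqli_stmt_bind_result($stmt, $userId, $dbUsername, $dbPasswordHash);
            // A query that runs but matches no row is NOT a login: only a
            // fetched row counts. Testing the query result alone would let
            // every submitted username/password pair through.
            $found = mysqli_stmt_fetch($stmt) === true;
        }
        mysqli_stmt_close($stmt);
    }

    // Assumes members.password holds password_hash() output. If the column
    // currently stores plaintext, the registration path must be changed to
    // hash and existing rows migrated before this check can succeed.
    if ($found && is_string($dbPasswordHash) && password_verify($password, $dbPasswordHash)) {
        // New session id on privilege change, so a pre-login id cannot be reused.
        session_regenerate_id(true);
        $_SESSION['username'] = $dbUsername;
        $_SESSION['id'] = $userId;
    } else {
        // Same message for unknown user and wrong password, so the response
        // does not reveal which usernames exist.
        $invalid = "incorrect username or password";
    }
}
?>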
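<?php
// $_SERVER['PHP_SELF'] contains request-controlled path info, so it must be
// HTML-escaped before it is written into an attribute.
$formAction = htmlspecialchars($_SERVER['PHP_SELF'], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
?>
<!DOCTYPE html>
<html>
<head>
    <meta charset="UTF-8">
    <title>Login</title>
    <link rel="stylesheet" href="css/style.css">
</head>
<body>
<div class="login-page">
    <div class="form">
        <?php // Every form needs an explicit method and action; credentials must travel by POST, never in the URL. ?>
        <form action="<?php echo $formAction; ?>" class="register-form" method="post">
            <input type="text" placeholder="שם" name="regName"/>
            <input type="password" placeholder="סיסמה" name="regPass"/>
            <button name="register">הרשם</button>
            <p class="message">כבר רשום <a href="#">התחבר</a></p>
        </form>
        <?php
        // Without method="post" the browser submits by GET: the password ends up
        // in the URL (history, logs, Referer) and the handler, which reads $_POST,
        // never sees it.
        // NOTE(review): neither form carries a CSRF token; add one together with
        // the matching server-side check.
        ?>
        <form action="<?php echo $formAction; ?>" class="login-form" method="post">
            <div><?php echo htmlspecialchars($invalid ?? '', ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8'); ?></div>
            <input type="text" placeholder="שם משתמש" name="username">
            <input type="password" placeholder="סיסמה" name="password">
            <button name="submit">התחבר</button>
            <p class="message">לא רשום <a href="#">צור משתמש</a></p>
        </form>
    </div>
</div>
<!-- Load third-party script over HTTPS only: over plain http it can be altered in transit on a page that collects passwords.
     Consider adding integrity= (SRI hash computed from the served file) with crossorigin="anonymous". -->
<script src='https://cdnjs.cloudflare.com/ajax/libs/jquery/2.1.3/jquery.min.js'></script>
<script src="js/index.js"></script>
</body>
</html>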