<?php session_start(); if((!isset($_POST['login'])) || (!isset($_POST['pass'

1. <?php
2. session_start();
3. if((!isset($_POST['login'])) || (!isset($_POST['pass'])))
4. {
5. header('Location: index.php');
6. exit();
7. }
8. require_once "connect.php";
9.  
10. $connect= new mysqli($host, $db_user, $db_password, $db_name);
11.  
12. if($connect->connect_errno!=0)
13. {
14. echo "ERROR: ".$connect->connect_errno;
15. }
16. else
17. {
18. $login = $_POST['login'];
19. $pass= $_POST['pass'];
20.  
21. $login = htmlentities($login, ENT_QUOTES, "UTF-8");
22. $pass = htmlentities($pass, ENT_QUOTES, "UTF-8");
23.  
24.  
25. if ($rezultat = @$connect->query(
26. sprintf("SELECT * FROM users WHERE user='%s'",
27. mysqli_real_escape_string($connect, $login))))
28. {
29. $ilu_userow = $rezultat->num_rows;
30. if($ilu_userow>0)
31. {
32. $wiersz = $rezultat->fetch_assoc();
33.  
34. if (password_verify($pass, $wiersz['pass']))
35. {
36. $_SESSION['zalogowany'] = true;
37. $_SESSION['id'] = $wiersz['id'];
38. $_SESSION['user'] = $wiersz['user'];
39.  
40.  
41. unset($_SESSION['blad']);
42. $rezultat->free_result();
43. header('Location: index_l.php');
44. }
45. else
46. {
47. $_SESSION['blad'] = '<span style="color:red">Something wrong</span>';
48. header('Location: login_page.php');
49. }
50.  
51. } else {
52.  
53. $_SESSION['blad'] = '<span style="color:red">Something wrong</span>';
54. header('Location: login_page.php');
55.  
56. }
57.  
58. }
59.  
60. $connect->close();
61. }
62. ?>