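// Insert the new customer into the DB.
//
// NOTE(review): every registration field, including the plaintext password, is read from
// $_GET, so the values travel in the URL and can end up in web-server access logs, browser
// history and Referer headers. The form should be submitted with method="post" and read from
// $_POST here; the form is not part of this snippet, so the input source is left unchanged.
$dati = [];
foreach (['nome', 'cognome', 'email', 'username', 'password'] as $campo) {
    $valore = $_GET[$campo] ?? null;
    // Reject missing, empty or array-valued parameters (e.g. ?password[]=x) before they reach
    // password_hash() or the INSERT; password_hash() only accepts a string.
    if (!is_string($valore) || $valore === '') {
        http_response_code(400);
        exit;
    }
    $dati[$campo] = $valore;
}

$nome = $dati['nome'];
$cognome = $dati['cognome'];
$email = $dati['email'];
$username = $dati['username'];
$password = $dati['password'];

// Only the bcrypt hash is stored; password_hash() generates the salt and embeds it in the hash.
$hash = password_hash($password, PASSWORD_BCRYPT);

// Named placeholders keep user input out of the SQL text.
// NOTE(review): nothing here checks for an existing username; presumably the table enforces
// uniqueness. Confirm against the schema.
$sql = "INSERT INTO clienti (nome, cognome, email, username, password)
VALUES (:nome, :cognome, :email, :username, :password)";
$req = $dbh->prepare($sql);
$req->execute(
    [
        ":nome" => $nome,
        ":cognome" => $cognome,
        ":email" => $email,
        ":username" => $username,
        ":password" => $hash,
    ]
);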
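// Login: checks the submitted credentials against the stored hash and sets the session flags.
require_once 'includes/connect-db.php'; // presumably defines $dbh (PDO); not visible here
session_start();
$_SESSION['loggato'] = false;

// Never use $_REQUEST: it mixes GET, POST and cookie input.
$username = $_POST['username'] ?? null;
$password = $_POST['password'] ?? null;

// Missing or array-valued fields (e.g. password[]=x) are treated as a failed login instead of
// raising a TypeError inside password_verify().
if (!is_string($username) || !is_string($password)) {
    header('Location: login.php?error=true');
    exit;
}

$sql = "SELECT password FROM clienti WHERE username = :username";
$req = $dbh->prepare($sql);
$req->execute(
    [
        ":username" => $username,
    ]
);
$utente = $req->fetch(PDO::FETCH_ASSOC);

// NOTE(review): password_verify() runs only when the username exists, so response time can
// differ between known and unknown usernames; consider verifying against a fixed dummy hash
// in the not-found case.
if (isset($utente['password']) && password_verify($password, $utente['password'])) {
    // Issue a fresh session id on privilege change so a pre-login id cannot be reused
    // (session fixation).
    session_regenerate_id(true);
    $_SESSION['loggato'] = true;
    $_SESSION['utente'] = $username; // store only the username, never the password, in the session
    header('Location: index.php');
} else {
    header('Location: login.php?error=true');
}
// Stop here so nothing else runs after the redirect header has been queued.
exit;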