Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- <?php
- $server = 'localhost';
- $username = 'username';
- $password = 'password';
- $db = 'database';
- $conn = mysqli_connect($server,$username,$password,$db);
- if(!$conn){
- die("Connection Failed!:".mysqli_connect_error());
- }
- ?>
- <?php session_start();
- if (isset($_SESSION['LAST_ACTIVITY']) && (time() - $_SESSION['LAST_ACTIVITY'] > 1800)) { //TO CHECK IF LAST REQUEST WAS MORE THAN 30 SECONDS AGO
- session_unset(); // unset $_SESSION variable for the run-time
- session_destroy(); // destroy session data in storage, log out user
- }
- $_SESSION['LAST_ACTIVITY'] = time(); // UPDATE LAST ACTIVITY STAMP
- ?>
- <!--you can puth the above two php code in seperate files and include them at the top of every page-->
- <?php
- if (isset($_SESSION['loggedin']) && $_SESSION['loggedin'] == true) { //if a user is logged in
- echo "<script type='text/javascript'> document.location = 'panel.php'; </script>"; //using javscript to redirect
- // header('Location: panel.php'); //using php to redirect
- //you may choose any of the two redirect options above
- } else { //IF NO USER LOGGED IN
- //do nothing
- }
- //this php code above detects if a user is logged in and session is true
- ?>
- <?php
- if(isset($_POST{'signin_submit'})){ //IF LOGIN BTN WAS CLICKED AND SENT TO THIS PAGE
- if(!empty($_POST{'user_email'}) && !empty($_POST{'user_password'})){ //CHECK IF EMAIL AND PASSWORD IS NOT EMPTY
- $get_user_email = $_POST['user_email'];
- $get_user_email = mysqli_real_escape_string($conn,$get_user_email);
- $get_password = $_POST['user_password'];
- $sql = "SELECT * FROM users WHERE email = '$get_user_email' AND password = '$get_password'";
- if($result1 = mysqli_query($conn,$sql)){ //FOR USERS IF THERE IS CONNECTION TO THE DATABASE WHERE EMAIL AND PASSWORD IS AVAILABLE
- if(mysqli_num_rows($result1) == 1){ //IF NO. OF ROWS WITH ABOVE QUERY IS JUST ONE
- $_SESSION['loggedin'] = true;
- $_SESSION['user_email'] = $get_user_email; // $username coming from the form, such as $_POST['username']
- $_SESSION['LAST_ACTIVITY'] = time(); // update last activity time stamp
- // $inno_sql = mysqli_query($conn,$sql);
- while($rows = mysqli_fetch_assoc($result1)){ //RETRIEVE USER DETAILS
- //this session variables below can be used in the entire application to represent the users data it equates to
- $_SESSION['name'] = $rows['name'];
- $_SESSION['id'] = $rows['id'];
- $_SESSION['created_at'] = $rows['created_at'];
- $_SESSION['updated_at'] = $rows['updated_at'];
- }
- header('Location: dashboard.php');
- } else{
- echo "<script type='text/javascript'> document.location = 'signin.php?login_error=wrong'; </script>";
- // header('Location: signin.php?login_error=wrong');
- } //
- } else{ //if sql query is incorrect
- header('Location: signin.php?login_error=query_error');
- }
- }else{ //if email or password is empty
- header('Location: signin.php?login_error=empty');
- }
- }else{
- $login_err = ''; //set this variable to empty string if there is no login request
- }
- if(isset($_GET['login_error'])){ //TO OUTPUT LOGIN ERROR
- if($_GET['login_error'] == 'empty'){ //LOGIN ERROR FOR EMPTY
- $login_err = "<div class='alert alert-danger'>Email or password was empty!</div>";
- }elseif($_GET['login_error'] == 'wrong'){ //LOGIN ERROR FOR INVALID DETAILS
- $login_err = "<div class='alert alert-warning'>Invalid email or password!</div>";
- }
- }
- echo $login_err; //show login error in browser
- ?>
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement