Login.php // Project Crazy

1. <?php
2. // Include config file
3. require_once 'config.php';
4.  
5. // Define variables and initialize with empty values
6. $username = $password = "";
7. $username_err = $password_err = "";
8.  
9. // Processing form data when form is submitted
10. if($_SERVER["REQUEST_METHOD"] == "POST"){
11.  
12. // Check if username is empty
13. if(empty(trim($_POST["username"]))){
14. $username_err = 'Please enter username.';
15. } else{
16. $username = trim($_POST["username"]);
17. }
18.  
19. // Check if password is empty
20. if(empty(trim($_POST['password']))){
21. $password_err = 'Please enter your password.';
22. } else{
23. $password = trim($_POST['password']);
24. }
25.  
26. // Validate credentials
27. if(empty($username_err) && empty($password_err)){
28. // Prepare a select statement
29. $sql = "SELECT username, password FROM users WHERE username = ?";
30.  
31. if($stmt = mysqli_prepare($link, $sql)){
32. // Bind variables to the prepared statement as parameters
33. mysqli_stmt_bind_param($stmt, "s", $param_username);
34.  
35. // Set parameters
36. $param_username = $username;
37.  
38. // Attempt to execute the prepared statement
39. if(mysqli_stmt_execute($stmt)){
40. // Store result
41. mysqli_stmt_store_result($stmt);
42.  
43. // Check if username exists, if yes then verify password
44. if(mysqli_stmt_num_rows($stmt) == 1){
45. // Bind result variables
46. mysqli_stmt_bind_result($stmt, $username, $hashed_password);
47. if(mysqli_stmt_fetch($stmt)){
48. if(password_verify($password, $hashed_password)){
49. /* Password is correct, so start a new session and
50. save the username to the session */
51. session_start();
52. $_SESSION['username'] = $username;
53. header("location: welcome.php");
54. } else{
55. // Display an error message if password is not valid
56. $password_err = 'The password you entered was not valid.';
57. }
58. }
59. } else{
60. // Display an error message if username doesn't exist
61. $username_err = 'No account found with that username.';
62. }
63. } else{
64. echo "Oops! Something went wrong. Please try again later.";
65. }
66. }
67.  
68. // Close statement
69. mysqli_stmt_close($stmt);
70. }
71.  
72. // Close connection
73. mysqli_close($link);
74. }
75. ?>
76.  
77. <!DOCTYPE html>
78. <html lang="en">
79. <head>
80. <meta charset="UTF-8">
81. <title>Login</title>
82. <link rel="stylesheet" href="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/css/bootstrap.css">
83. <style type="text/css">
84. body{ font: 14px sans-serif; }
85. .wrapper{ width: 350px; padding: 20px; }
86. </style>
87. </head>
88. <body>
89. <div class="wrapper">
90. <h2>Login</h2>
91. <p>Please fill in your credentials to login.</p>
92. <form action="<?php echo htmlspecialchars($_SERVER["PHP_SELF"]); ?>" method="post">
93. <div class="form-group <?php echo (!empty($username_err)) ? 'has-error' : ''; ?>">
94. <label>Username</label>
95. <input type="text" name="username"class="form-control" value="<?php echo $username; ?>">
96. <span class="help-block"><?php echo $username_err; ?></span>
97. </div>
98. <div class="form-group <?php echo (!empty($password_err)) ? 'has-error' : ''; ?>">
99. <label>Password</label>
100. <input type="password" name="password" class="form-control">
101. <span class="help-block"><?php echo $password_err; ?></span>
102. </div>
103. <div class="form-group">
104. <input type="submit" class="btn btn-primary" value="Login">
105. </div>
106. <p>Don't have an account? <a href="register.php">Sign up now</a>.</p>
107. </form>
108. </div>
109. </body>
110. </html>