API tools faq
paste
Advertisement
Guest User

auth.php

a guest
May 25th, 2023
49
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
text 2.10 KB | None | 0 0
raw download clone embed print report
  1. <?php
  2. session_start();
  3. // Change this to your connection info.
  4. $DATABASE_HOST = 'localhost';
  5. $DATABASE_USER = '-ts';
  6. $DATABASE_PASS = '#';
  7. $DATABASE_NAME = '-timescheduler';
  8. //var_dump($_SESSION);
  9.  
  10. // Try and connect using the info above.
  11. $con = mysqli_connect($DATABASE_HOST, $DATABASE_USER, $DATABASE_PASS, $DATABASE_NAME);
  12. if ( mysqli_connect_errno() ) {
  13. // If there is an error with the connection, stop the script and display the error.
  14. exit('Failed to connect to MySQL: ' . mysqli_connect_error());
  15. }
  16.  
  17. // Now we check if the data from the login form was submitted, isset() will check if the data exists.
  18. if ( !isset($_POST['surname'], $_POST['password']) ) {
  19. // Could not get the data that should have been sent.
  20. exit('Please fill both the username and password fields!');
  21. }
  22.  
  23. // Prepare our SQL, preparing the SQL statement will prevent SQL injection.
  24. if ($stmt = $con->prepare('SELECT id_staff, password FROM staff WHERE surname = ?')) {
  25. // Bind parameters (s = string, i = int, b = blob, etc), in our case the username is a string so we use "s"
  26. $stmt->bind_param('s', $_POST['surname']);
  27. $stmt->execute();
  28. // Store the result so we can check if the account exists in the database.
  29. $stmt->store_result();
  30. if ($stmt->num_rows > 0) {
  31. $stmt->bind_result($id_staff, $password);
  32. $stmt->fetch();
  33. // Account exists, now we verify the password.
  34. // Note: remember to use password_hash in your registration file to store the hashed passwords.
  35. if (password_verify($_POST['password'], $password)) {
  36. // Verification success! User has logged-in!
  37. // Create sessions, so we know the user is logged in, they basically act like cookies but remember the data on the server.
  38. session_regenerate_id();
  39. $_SESSION['loggedin'] = TRUE;
  40. $_SESSION['name'] = $_POST['surname'];
  41. $_SESSION['id_staff'] = $id_staff;
  42. //echo 'Welcome ' . $_SESSION['name'] . '!';
  43. } else {
  44. // Incorrect password
  45. echo 'Incorrect username and/or password!';
  46. }
  47. } else {
  48. // Incorrect username
  49. echo 'Incorrect username and/or password!';
  50. }
  51.  
  52. $stmt->close();
  53. }
  54. ?>
  55. hier gehts weiter <a href="index.php">Kalender</a>
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
Public Pastes
Advertisement
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!