<!DOCTYPE html> <html> <head> <title>Login</title> </head> <body><c

1. <!DOCTYPE html>
2. <html>
3. <head>
4.   <title>Login</title>
5. </head>
6. <body>
7. <center>
8. <form action="?login=1" method="post">
9. E-Mail:<br>
10. <input type="email" size="40" maxlength="250" name="email"><br><br>
11.  
12. Passwort:<br>
13. <input type="password" size="40"  maxlength="250" name="passwort"><br>
14.  
15. <input type="submit" value="Anmelden">
16. </form>
17. </body>
18. </center>
19. </html>
20.  
21. <?php
22. session_start();
23. $pdo = new PDO('mysql:host=localhost;dbname=users', 'admin', 'pw') or die("Connect failed: %s\n". $conn -> error);
24.  
25. include openconn.php;
26. $conn = OpenCon();
27.  
28. echo "Connected Successfully";
29.  
30. CloseCon($conn);
31. //include 'db_connection.php';
32. //$dbhost = "localhost";
33. //$dbuser = "admin";
34. //$dbpass = "pw";
35. //$db = "users";
36.  
37. //$pdo = new mysqli($dbhost, $dbuser, $dbpass,$db) or die("Connect failed: %s\n". $conn -> error);
38.  
39.  
40. if(isset($_GET['login'])) {
41.  $email = $_POST['email'];
42.  $passwort = $_POST['passwort'];
43.  
44.  $statement = $pdo->prepare("SELECT * FROM users WHERE email = :email");
45.  $result = $statement->execute(array('email' => $email));
46.  $user = $statement->fetch();
47.  
48.  //Überprüfung des Passworts
49.  if ($user !== false && password_verify($passwort, $user['passwort'])) {
50.  $_SESSION['userid'] = $user['id'];
51.  die('Login erfolgreich. Weiter zu <a href="geheim.php">internen Bereich</a>');
52.  } else {
53.  $errorMessage = "E-Mail oder Passwort war ungültig<br>";
54.  echo "Fehler";
55.  }
56.  
57. }
58. if(isset($errorMessage)) {
59.   echo $errorMessage;
60.  }
61. ?>