index.php
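<!DOCTYPE html>
<html lang="en">
<head>
    <meta charset="utf-8">
    <title>Login</title>
    <!-- NOTE(review): third-party stylesheet loaded without integrity/crossorigin
         attributes. Pin it with a Subresource Integrity hash taken from the CDN's
         published value, or self-host the file, so a tampered copy is not applied
         to the page that collects credentials. -->
    <link rel="stylesheet" href="https://use.fontawesome.com/releases/v5.7.1/css/all.css">
    <link href="login_style.css" rel="stylesheet" type="text/css">
    <style>
        a:link {
            color: green;
            background-color: transparent;
            text-decoration: none;
        }
        a:hover {
            color: red;
            background-color: transparent;
            text-decoration: underline;
        }
    </style>
</head>
<body>
    <div class="login">
        <h1>Login</h1>
        <!-- Credentials are posted to authenticate.php, not back to this page. -->
        <form action="authenticate.php" method="post">
            <!-- "for" must match the input id exactly (ids are case-sensitive). -->
            <label for="Email">
                <i class="fas fa-user"></i>
            </label>
            <input type="text" name="email" placeholder="Email" id="Email" autocomplete="username" required>
            <label for="password">
                <i class="fas fa-lock"></i>
            </label>
            <input type="password" name="password" placeholder="Password" id="password" autocomplete="current-password" required>
            <input type="submit" value="Login">
            <!-- rel="noopener noreferrer" keeps the new tab from getting a handle on this window. -->
            <p style="margin-left:5em">Don't have an account? <a href="register.php" target="_blank" rel="noopener noreferrer">Create One</a></p>
        </form>
    </div>
</body>
</html>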
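<?php
// Credential check for a direct POST of 'email' and 'password' to this page.
// NOTE(review): the login form above submits to authenticate.php, and the markup
// above has already been written to the response by the time this code runs.
// Starting a session here therefore depends on output buffering; moving this block
// above the <!DOCTYPE> line (or keeping it only in authenticate.php) removes that
// dependency.
if (!isset($_POST['email'], $_POST['password'])) {
    // Plain page view or incomplete submission: nothing to authenticate.
    exit();
}

// isset() is also satisfied by array-valued fields (email[]=...); only plain
// strings are acceptable as credentials.
if (!is_string($_POST['email']) || !is_string($_POST['password'])) {
    echo 'Incorrect username and/or password!';
    exit();
}

// NOTE(review): $con is never assigned in this file. It has to be a mysqli
// connection supplied by an include that is not visible here; fail closed
// instead of dying on an undefined variable.
if (!isset($con) || !($con instanceof mysqli)) {
    error_log('Login attempted without a database connection.');
    echo 'Login is temporarily unavailable.';
    exit();
}

$email = $_POST['email'];
$customer_id = null;
$stored_hash = null;
$account_found = false;

// Parameterised lookup: the e-mail address is bound, never concatenated into the SQL.
$stmt = $con->prepare('SELECT customer_id, password FROM users WHERE email = ?');
if ($stmt !== false) {
    $stmt->bind_param('s', $email);
    $stmt->execute();
    // Buffer the result so num_rows is populated.
    $stmt->store_result();
    if ($stmt->num_rows > 0) {
        $stmt->bind_result($customer_id, $stored_hash);
        $stmt->fetch();
        $account_found = true;
    }
    // Close only after the row has been read; the statement cannot be used afterwards.
    $stmt->close();
}

// password_verify() checks the submitted password against a password_hash() digest.
// NOTE(review): this requires register.php (not shown) to store password_hash()
// output in users.password. Rows that still hold plaintext must be re-hashed:
// a plain === comparison only works when the database keeps recoverable passwords.
if ($account_found && is_string($stored_hash) && password_verify($_POST['password'], $stored_hash)) {
    if (session_status() !== PHP_SESSION_ACTIVE && !session_start()) {
        error_log('Login succeeded but the session could not be started.');
        echo 'Login is temporarily unavailable.';
        exit();
    }
    // Issue a fresh session id at login and discard the pre-login one (session fixation).
    session_regenerate_id(true);
    $_SESSION['loggedin'] = true;
    $_SESSION['email'] = $email;
    $_SESSION['id'] = $customer_id;
} else {
    // Same message for an unknown account and a wrong password, so the response
    // text does not reveal which e-mail addresses are registered.
    echo 'Incorrect username and/or password!';
}
?>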