ABC_Air_11727989/authenticate.php
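<?php
// Login handler: checks the POSTed username/password against the `accounts`
// table and, on success, marks the session as logged in and redirects to home.php.
session_start();

// Change this to your connection info.
// NOTE(review): 'root' with an empty password is a local-development default.
// For any shared or production host, use a dedicated account limited to the
// privileges this app needs, and load the credentials from configuration
// kept outside the web root rather than hard-coding them here.
$DATABASE_HOST = 'localhost';
$DATABASE_USER = 'root';
$DATABASE_PASS = '';
$DATABASE_NAME = 'phplogin';

// Try and connect using the info above.
$con = mysqli_connect($DATABASE_HOST, $DATABASE_USER, $DATABASE_PASS, $DATABASE_NAME);
if (mysqli_connect_errno()) {
    // Keep the driver's error text in the server log only: it can reveal the
    // host, user name and database layout to whoever is looking at the page.
    error_log('Failed to connect to MySQL: ' . mysqli_connect_error());
    http_response_code(500);
    exit('Failed to connect to the database.');
}

// Check that the login form was submitted. isset() confirms both fields exist;
// is_string() rejects array-shaped input (e.g. username[]=x), which would
// otherwise reach bind_param()/password_verify() with the wrong type.
if (
    !isset($_POST['username'], $_POST['password'])
    || !is_string($_POST['username'])
    || !is_string($_POST['password'])
) {
    // Could not get the data that should have been sent.
    exit('Please fill both the username and password fields!');
}

// Prepare our SQL; a prepared statement keeps the username out of the query text
// and so prevents SQL injection.
$stmt = $con->prepare('SELECT id, password FROM accounts WHERE username = ?');
if (!$stmt) {
    // Previously a failed prepare() produced an empty response; log it and fail visibly.
    error_log('Login query could not be prepared: ' . $con->error);
    http_response_code(500);
    exit('Login is temporarily unavailable.');
}

// Bind parameters (s = string, i = int, b = blob, etc); the username is a string so we use "s".
$stmt->bind_param('s', $_POST['username']);
$stmt->execute();
// Store the result so we can check if the account exists in the database.
$stmt->store_result();

$authenticated = false;
$id = null;
if ($stmt->num_rows > 0) {
    $stmt->bind_result($id, $password);
    $stmt->fetch();
    // Account exists, now verify the password.
    // Note: remember to use password_hash() in your registration file to store the hashed passwords.
    $authenticated = password_verify($_POST['password'], $password);
}
// NOTE(review): password_verify() only runs when the account exists, so the
// response time can differ between known and unknown usernames. Verifying
// against a fixed dummy hash in the unknown-user case would even this out.
// There is also no attempt limiting in this script; add throttling or lockout
// in front of it if none exists elsewhere.
$stmt->close();

if ($authenticated) {
    // Issue a fresh session id and delete the old session data, so an id that
    // was known before login (session fixation) cannot be reused afterwards.
    session_regenerate_id(true);
    $_SESSION['loggedin'] = true;
    // The username is stored as submitted; any page that prints it must escape
    // it for its output context (e.g. htmlspecialchars() in HTML).
    $_SESSION['name'] = $_POST['username'];
    $_SESSION['id'] = $id;
    header('Location: home.php');
    // Stop here so nothing else runs or is sent after the redirect header.
    exit;
}

// One message for both "unknown user" and "wrong password", so the response
// text does not reveal which usernames exist.
echo 'Incorrect username and/or password!';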