Initial import
This commit is contained in:
commit
c89f3a4171
8 changed files with 712 additions and 0 deletions
52
authenticate.php
Normal file
52
authenticate.php
Normal file
|
|
@ -0,0 +1,52 @@
|
|||
<?php
|
||||
// Start the session
|
||||
session_start();
|
||||
require_once('config.php');
|
||||
// Try and connect using the info above
|
||||
$con = mysqli_connect($DATABASE_HOST, $DATABASE_USER, $DATABASE_PASS, $DATABASE_NAME);
|
||||
// Check for connection errors
|
||||
if (mysqli_connect_errno()) {
|
||||
// If there is an error with the connection, stop the script and display the error
|
||||
exit('Failed to connect to MySQL: ' . mysqli_connect_error());
|
||||
}
|
||||
// Now we check if the data from the login form was submitted, isset() will check if the data exists
|
||||
if (!isset($_POST['username'], $_POST['password'])) {
|
||||
// Could not get the data that should have been sent
|
||||
exit('Please fill both the username and password fields!');
|
||||
}
|
||||
// Prepare our SQL, which will prevent SQL injection
|
||||
if ($stmt = $con->prepare('SELECT id, password FROM accounts WHERE username = ?')) {
|
||||
// Bind parameters (s = string, i = int, b = blob, etc), in our case the username is a string so we use "s"
|
||||
$stmt->bind_param('s', $_POST['username']);
|
||||
$stmt->execute();
|
||||
// Store the result so we can check if the account exists in the database
|
||||
$stmt->store_result();
|
||||
// Check if account exists with the input username
|
||||
if ($stmt->num_rows > 0) {
|
||||
// Account exists, so bind the results to variables
|
||||
$stmt->bind_result($id, $password);
|
||||
$stmt->fetch();
|
||||
// Note: remember to use password_hash in your registration file to store the hashed passwords
|
||||
if (password_verify($_POST['password'], $password)) {
|
||||
// Password is correct! User has logged in!
|
||||
// Regenerate the session ID to prevent session fixation attacks
|
||||
session_regenerate_id();
|
||||
// Declare session variables (they basically act like cookies but the data is remembered on the server)
|
||||
$_SESSION['account_loggedin'] = TRUE;
|
||||
$_SESSION['account_name'] = $_POST['username'];
|
||||
$_SESSION['account_id'] = $id;
|
||||
// Redirect to the home page
|
||||
header('Location: home.php');
|
||||
exit;
|
||||
} else {
|
||||
// Incorrect password
|
||||
echo 'Incorrect username and/or password!';
|
||||
}
|
||||
} else {
|
||||
// Incorrect username
|
||||
echo 'Incorrect username and/or password!';
|
||||
}
|
||||
// Close the prepared statement
|
||||
$stmt->close();
|
||||
}
|
||||
?>
|
||||
Loading…
Add table
Add a link
Reference in a new issue