forked from tbondwilkinson/Module-3
-
Notifications
You must be signed in to change notification settings - Fork 0
Expand file tree
/
Copy pathvalidate_users.php
More file actions
38 lines (32 loc) · 1015 Bytes
/
validate_users.php
File metadata and controls
38 lines (32 loc) · 1015 Bytes
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
<?php
session_start();
require "database.php";
// Check to see whether the username exists.
if (isset($_POST['username']) and isset($_POST['password'])) {
// Use a prepared statement
$stmt = $mysqli->prepare("SELECT COUNT(*), id, crypted_password FROM users WHERE username=?");
// Bind the parameter
$user = $_POST['username'];
$stmt->bind_param('s', $user);
$stmt->execute();
// Bind the results
$stmt->bind_result($cnt, $user_id, $pwd_hash);
$stmt->fetch();
$pwd_guess = $_POST['password'];
// Compare the submitted password to the actual password hash
if( $cnt == 1 && crypt($pwd_guess, $pwd_hash)==$pwd_hash){
// Login succeeded!
$_SESSION['logged_in'] = true;
$_SESSION['user_id'] = $user_id;
$_SESSION['token'] = md5(uniqid(rand(), true));
header("Location: main.php");
exit;
}else{
// Login failed; redirect back to the login screen
header("Location: login.php?attempts=1&username=" . $_POST['username']);
exit;
}
}
header("Location: login.php?attempts=1");
exit;
?>