-
Notifications
You must be signed in to change notification settings - Fork 0
/
login.php
60 lines (50 loc) · 1.64 KB
/
login.php
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
<?php
require_once "config/database.php";
require_once "includes/csrf.php";
require_once "includes/header.php";
$error = "";
$csrf_token = generate_csrf_token();
if ($_SERVER["REQUEST_METHOD"] == "POST") {
verify_csrf_token($_POST["csrf_token"]);
$username = $conn->real_escape_string($_POST["username"]);
$password = $_POST["password"];
$sql = "SELECT id, username, password FROM users WHERE username = ?";
$stmt = $conn->prepare($sql);
$stmt->bind_param("s", $username);
$stmt->execute();
$result = $stmt->get_result();
if ($result->num_rows == 1) {
$user = $result->fetch_assoc();
if (password_verify($password, $user["password"])) {
$_SESSION["user_id"] = $user["id"];
$_SESSION["username"] = $user["username"];
header("location: index.php");
exit();
} else {
$error = "Invalid password";
}
} else {
$error = "User not found";
}
}
?>
<h2>Login to Retro Tweet</h2>
<?php if (!empty($error)) {
echo "<p style='color: #ff0000;'>$error</p>";
} ?>
<form action="login.php" method="post">
<div>
<label for="username">Username:</label>
<input type="text" id="username" name="username" required>
</div>
<div>
<label for="password">Password:</label>
<input type="password" id="password" name="password" required>
</div>
<div>
<input type="submit" value="Login">
</div>
<input type="hidden" name="csrf_token" value="<?php echo $csrf_token; ?>">
</form>
<p>No account? <a href="register.php">Register here</a>.</p>
<?php require_once "includes/footer.php"; ?>