-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathindex.php
78 lines (58 loc) · 2.44 KB
/
index.php
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
<?php
session_start();
include('includes/functions.php');
if( isset( $_POST['login'] ) ) {
// create variables
// wrap data with validate function
$formEmail = validateFormData( $_POST['email'] );
$formPass = validateFormData( $_POST['password'] );
// connect to database
include('includes/connection.php');
// create query
$query = "SELECT name, password FROM users WHERE email='$formEmail'";
// store the result
$result = mysqli_query( $conn, $query );
// verify if result is returned
if( mysqli_num_rows($result) > 0 ) {
//store basic user data in variables
while( $row = mysqli_fetch_assoc($result) ) {
$name = $row['name'];
$hashedPass = $row['password'];
}
// verify hashed password with submitted password
if( password_verify( $formPass, $hashedPass ) ) {
// correct login details
// store data in SESSION variables
$_SESSION['loggedInUser'] = $name;
// redirect user to clients page
header( "Location: clients.php" );
} else { //hashed password didn't verify
// error message
$loginError = "<div class='alert alert-danger'>Wrong username/password. Try again.</div>";
}
} else { // there are no result in database
// error message
$loginError = "<div class='alert alert-danger'>No such user in database. Try again.<a class='close' data-dismiss='alert'>×</a></div>";
}
}
// close mysql connection
mysqli_connect($conn);
include('includes/header.php');
?>
<h1>Client Address Book</h1>
<p class="lead">Log in to your account.</p>
<?php echo $loginError; ?>
<form class="form-inline" action="<?php echo htmlspecialchars( $_SERVER['PHP_SELF'] ); ?>" method="post">
<div class="form-group">
<label for="login-email" class="sr-only">Email</label>
<input type="text" class="form-control" id="login-email" placeholder="email" name="email" value="<?php echo $formEmail; ?>">
</div>
<div class="form-group">
<label for="login-password" class="sr-only">Password</label>
<input type="password" class="form-control" id="login-password" placeholder="password" name="password">
</div>
<button type="submit" class="btn btn-primary" name="login">Login</button>
</form>
<?php
include('includes/footer.php');
?>