Beispiel #1
<?php

require_once './header.php';
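// Login handler: runs only when both credential fields were posted non-empty.
// isPostSetAndNotEmpty() and the $DB_* settings are not defined in this snippet;
// presumably they come from header.php, as does the session start -- confirm.
// NOTE(review): no attempt throttling or lockout is visible here; confirm it exists elsewhere.
// NOTE(review): the form below caps the password input at maxlength="8", which limits
// password strength -- confirm this matches the registration policy.
if (isPostSetAndNotEmpty('txtEmail') && isPostSetAndNotEmpty('txtPassword')) {
    $pdo = new PDO("mysql:host={$DB_HOST};dbname={$DB_DATABASE};charset=utf8", $DB_USER, $DB_PASSWORD);

    // Prepared statement with a bound parameter keeps the posted e-mail out of the SQL text.
    $sth = $pdo->prepare('SELECT email, password, first_name, last_name FROM user WHERE email = :email');
    $sth->execute([':email' => $_POST['txtEmail']]);

    // fetch() returns false when no row matched; this avoids relying on rowCount(),
    // whose result for SELECT statements is not guaranteed by every PDO driver.
    $user = $sth->fetch(PDO::FETCH_ASSOC);

    // Always initialised, so the success path never reads an undefined variable.
    $message = '';

    if ($user === false || !password_verify($_POST['txtPassword'], (string) $user['password'])) {
        // One message for both failure cases: separate "incorrect username" and
        // "incorrect password" texts tell a caller which e-mail addresses are registered.
        // NOTE(review): password_verify() is still skipped for unknown e-mails, so the
        // response time can differ between the two cases.
        $message = 'incorrect email or password!';
    } else {
        // Issue a fresh session id at the privilege change so an id that was known
        // before login (session fixation) is not carried into the authenticated session.
        if (session_status() === PHP_SESSION_ACTIVE) {
            session_regenerate_id(true);
        }

        // valid user, save data to session and redirect
        $_SESSION['username'] = $user['first_name'] . ' ' . $user['last_name'];
        echo '<script>window.location.href = "index.php";</script>';
    }

    // Only alert when there is something to report (the original emitted alert('')
    // after a successful login). json_encode() with the HEX flags produces a JavaScript
    // string literal that cannot break out of the <script> element.
    if ($message !== '') {
        $jsMessage = json_encode($message, JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT);
        echo "<script>alert({$jsMessage});</script>";
    }
}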
?>
<form method="POST" id="formSignin">
	<div class="form-group">
		<label class="control-label" for="inputDefault">EMAIL</label>
		<input type="text" class="form-control" id="txtEmail" name="txtEmail" placeholder="Enter email address" maxlength="100">
	</div>
	<div class="form-group">
		<label class="control-label" for="inputDefault">PASSWORD</label>
		<input type="password" class="form-control" id="txtPassword" name="txtPassword" placeholder="Enter password" maxlength="8">
Beispiel #2
<?php

require_once './header.php';
if (isPostSetAndNotEmpty('txtFirstName') && isPostSetAndNotEmpty('txtLastName') && isPostSetAndNotEmpty('txtPassword') && isPostSetAndNotEmpty('txtEmail') && isPostSetAndNotEmpty('txtConfirmPassword') && isPostSetAndNotEmpty('txtCaptcha')) {
    // validate inputs
    $message = '';
    if ($_POST['txtPassword'] != $_POST['txtConfirmPassword']) {
        $message = 'password is not equal to confirmPassword!\\n';
    }
    if (!isValidEmail($_POST['txtEmail'])) {
        $message .= 'incorrect email pattern!\\n';
    }
    if (!isValidName($_POST['txtFirstName'])) {
        $message .= 'incorrect first name pattern!\\n';
    }
    if (!isValidName($_POST['txtLastName'])) {
        $message .= 'incorrect last name pattern!\\n';
    }
    if (!isValidPassword($_POST['txtPassword'])) {
        $message .= 'incorrect password pattern!\\n';
    }
    if ($_SESSION['captcha']['code'] != $_POST['txtCaptcha']) {
        $message .= 'incorrect captcha!';
    }
    if ($message == '') {
        $pdo = new PDO("mysql:host={$DB_HOST};dbname={$DB_DATABASE};charset=utf8", $DB_USER, $DB_PASSWORD);
        // check duplicate email
        $sql = "SELECT email FROM user WHERE email = :email";
        $sth = $pdo->prepare($sql);
        $sth->execute(array(':email' => $_POST['txtEmail']));
        if ($sth->rowCount() > 0) {