<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<link rel="stylesheet" type="text/css" href="SiteStyle.css" />
<meta http-equiv="Content-Type"
content="text/html; charset = ISO-8859-1" />
</head>
<body>
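<?php
// Login form handler: checks the posted username/password against the users
// table and, on success, starts a fresh authenticated session and redirects
// to index.php. On failure it prints a generic error with a link back.
//
// NOTE(review): session_start(), session_regenerate_id() and header() all emit
// HTTP headers, but this block runs after the page's <head> markup has already
// been written. That only works while output buffering is enabled; moving this
// logic above the DOCTYPE would remove that dependency.

// The session must be started before it can be touched. The previous
// session_unset() call ran before session_start() and therefore did nothing.
session_start();
require "class_lib.php";
$debug = false;
if ($debug) { error_reporting(E_ALL); }

if (isset($_POST['username'], $_POST['password'])) {
    $username = $_POST['username'];
    $password = $_POST['password'];
    $authenticated = false;

    // Form fields can arrive as arrays (username[]=...); only plain strings
    // are looked up, anything else is treated as a failed login.
    if (is_string($username) && is_string($password)) {
        $db_server = connect();

        // Bind the username as a parameter instead of interpolating it into
        // the SQL text, so quotes in the input cannot alter the query.
        // NOTE(review): assumes connect() returns a mysqli handle (the code
        // already relied on ->query() and ->fetch_row()); get_result() also
        // needs the mysqlnd driver. Confirm against class_lib.php.
        $result = false;
        $stmt = $db_server->prepare('SELECT * FROM users WHERE username = ?');
        if ($stmt !== false) {
            $stmt->bind_param('s', $username);
            if ($stmt->execute()) {
                $result = $stmt->get_result();
            }
        }
        checkQueryResults($result);

        // fetch_row() yields null when no such user exists.
        $row = ($result !== false) ? $result->fetch_row() : null;

        // NOTE(review): unsalted SHA-1 is not a password hash. It is kept only
        // because the stored values use it; migrate to password_hash() /
        // password_verify() (with password_needs_rehash() on login).
        $fixedPass = hash('sha1', $password, false);

        // $row[1] is the stored hash by column position (SELECT *), which
        // breaks if the table layout changes; TODO select the column by name.
        // hash_equals() is a constant-time, type-strict comparison; loose ==
        // treats "0e..."-style hex digests as equal numbers.
        $storedHash = is_array($row) ? ($row[1] ?? null) : null;
        if (is_string($storedHash) && hash_equals($storedHash, $fixedPass)) {
            $authenticated = true;
        }

        // Release the connection on every path, including the redirect below.
        close($db_server);
    }

    if ($authenticated) {
        // Credentials are correct: drop whatever the old session held and
        // issue a new session id so a pre-login id cannot be reused.
        $_SESSION = [];
        session_regenerate_id(true);
        $_SESSION['username'] = $username;
        if ($debug) { print_r($_SESSION); }
        // redirect to index page
        header('Location: index.php');
        exit(0);
    }

    // Same message for unknown user and wrong password, so the response does
    // not reveal which usernames exist.
    echo "User doesn't exist or incorrect password</br><a href = login.php>Return</a> to login page</br> ";
}
?>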
</body>
</html>