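<?php
/**
 * Sign-in handler followed by the sign-in form.
 *
 * On POST with non-empty txtEmail and txtPassword, looks the account up by
 * email through a prepared statement, verifies the submitted password
 * against the stored hash with password_verify(), and on success stores the
 * user's display name in $_SESSION["username"] and redirects to index.php.
 *
 * header.php is expected to supply isPostSetAndNotEmpty(), the $DB_*
 * connection settings and a started session; none of that is visible in
 * this file, so confirm against header.php.
 *
 * NOTE(review): the password input below caps entry at maxlength="8".
 * Confirm this matches the policy enforced at sign-up (isValidPassword);
 * a client-side cap this low limits password strength and silently
 * truncates anything longer that the user types.
 *
 * NOTE(review): nothing here throttles repeated failed attempts and the form
 * carries no anti-CSRF token; check whether either is handled elsewhere.
 */
require_once './header.php';

if (isPostSetAndNotEmpty('txtEmail') && isPostSetAndNotEmpty('txtPassword')) {
    $message = null;
    $email = $_POST['txtEmail'];
    $password = $_POST['txtPassword'];
    $user = false;

    // A request can submit txtEmail[]=... and deliver an array; only query
    // and verify when both fields really are strings.
    if (is_string($email) && is_string($password)) {
        $pdo = new PDO("mysql:host={$DB_HOST};dbname={$DB_DATABASE};charset=utf8", $DB_USER, $DB_PASSWORD);
        $sth = $pdo->prepare('SELECT email, password, first_name, last_name FROM user WHERE email = :email');
        $sth->execute([':email' => $email]);
        // fetch() yields false when no row matches; PDO does not guarantee
        // rowCount() for SELECT on every driver, so test the fetch instead.
        $user = $sth->fetch(PDO::FETCH_ASSOC);
    }

    if ($user === false || !password_verify($password, (string) $user['password'])) {
        // One message for "no such account" and "wrong password", so the
        // response does not reveal which email addresses are registered.
        // The unknown-account path still skips password_verify(), so a
        // response-time difference remains.
        $message = 'incorrect email or password!';
    } else {
        // Issue a fresh session id at the privilege change so an id fixed
        // before login cannot be reused afterwards. Regeneration needs to
        // send a cookie header, so it is skipped when output has already
        // started. NOTE(review): if header.php prints markup before this
        // point, move the login handling above it so this call can run.
        if (session_status() === PHP_SESSION_ACTIVE && !headers_sent()) {
            session_regenerate_id(true);
        }

        // valid user, save data to session and redirect
        $_SESSION["username"] = $user["first_name"] . ' ' . $user['last_name'];
        echo '<script>window.location.href = "index.php";</script>';
    }

    // Only alert on failure (the original echoed an undefined $message after
    // a successful login). json_encode with the HEX flags keeps the text a
    // safe JavaScript string literal inside the <script> element.
    if ($message !== null) {
        $jsMessage = json_encode($message, JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT);
        echo "<script>alert({$jsMessage});</script>";
    }
}
?>
<form method="POST" id="formSignin">
    <div class="form-group">
        <label class="control-label" for="inputDefault">EMAIL</label>
        <input type="text" class="form-control" id="txtEmail" name="txtEmail" placeholder="Enter email address" maxlength="100">
    </div>
    <div class="form-group">
        <label class="control-label" for="inputDefault">PASSWORD</label>
        <input type="password" class="form-control" id="txtPassword" name="txtPassword" placeholder="Enter password" maxlength="8">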
<?php require_once './header.php'; if (isPostSetAndNotEmpty('txtFirstName') && isPostSetAndNotEmpty('txtLastName') && isPostSetAndNotEmpty('txtPassword') && isPostSetAndNotEmpty('txtEmail') && isPostSetAndNotEmpty('txtConfirmPassword') && isPostSetAndNotEmpty('txtCaptcha')) { // validate inputs $message = ''; if ($_POST['txtPassword'] != $_POST['txtConfirmPassword']) { $message = 'password is not equal to confirmPassword!\\n'; } if (!isValidEmail($_POST['txtEmail'])) { $message .= 'incorrect email pattern!\\n'; } if (!isValidName($_POST['txtFirstName'])) { $message .= 'incorrect first name pattern!\\n'; } if (!isValidName($_POST['txtLastName'])) { $message .= 'incorrect last name pattern!\\n'; } if (!isValidPassword($_POST['txtPassword'])) { $message .= 'incorrect password pattern!\\n'; } if ($_SESSION['captcha']['code'] != $_POST['txtCaptcha']) { $message .= 'incorrect captcha!'; } if ($message == '') { $pdo = new PDO("mysql:host={$DB_HOST};dbname={$DB_DATABASE};charset=utf8", $DB_USER, $DB_PASSWORD); // check duplicate email $sql = "SELECT email FROM user WHERE email = :email"; $sth = $pdo->prepare($sql); $sth->execute(array(':email' => $_POST['txtEmail'])); if ($sth->rowCount() > 0) {