function authenticate() { $db = dungeon_connection(); $email = filter_input(INPUT_POST, "email", FILTER_VALIDATE_EMAIL); $password = filter_input(INPUT_POST, "password"); if ($email == NULL || $email == false || $password == NULL || $password == false) { return false; } $salt = '$6$!@#$%^&*()_+_)(*'; $hashed_password = crypt($password, $salt); $query = 'SELECT * FROM users WHERE email = :email'; $statement = $db->prepare($query); $statement->bindValue(':email', $email); $statement->execute(); $row = $statement->fetch(); $db_password = $row['password']; $db_hashed_password = $row['hashed_password']; $first_name = $row['first_name']; $user_id = $row['user_id']; $statement->closeCursor(); if ($password == $db_password) { $db_hashed_password = change_to_encrypted_password($user_id, $password); } if ($hashed_password == $db_hashed_password) { update_logins($user_id); session_start(); $_SESSION['user_id'] = $user_id; $_SESSION['name'] = $first_name; return true; } else { return false; } }
function authenticate() { $db = dungeon_connection(); $email = filter_input(INPUT_POST, "email", FILTER_VALIDATE_EMAIL); $password = filter_input(INPUT_POST, "password"); $query = 'SELECT * FROM users WHERE email = :email and password = :password'; $statement = $db->prepare($query); $statement->bindValue(':email', $email); $statement->bindValue(':password', $password); $statement->execute(); $row = $statement->fetch(); $db_email = $row['email']; $db_password = $row['password']; $first_name = $row['first_name']; $user_id = $row['user_id']; $statement->closeCursor(); if ($email == $db_email and $password == $db_password) { //echo 'Your Credentials match!'; update_logins($user_id); session_start(); $_SESSION['user_id'] = $user_id; $_SESSION['name'] = $first_name; return true; } else { //echo 'Your Credentials didnt match'; return false; } }