/
login.inc.php
executable file
·52 lines (36 loc) · 1.44 KB
/
login.inc.php
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
<?php
// This is the login page for the site.
// It's included by index.php, which receives the login form data.
// This script is created in Chapter 4.
// Array for recording errors:
$login_errors = array();
// Validate the email address:
if (filter_var($_POST['email'], FILTER_VALIDATE_EMAIL)) {
$e = mysqli_real_escape_string ($dbc, $_POST['email']);
} else {
$login_errors['email'] = 'Please enter a valid email address!';
}
// Validate the password:
if (!empty($_POST['pass'])) {
$p = mysqli_real_escape_string ($dbc, $_POST['pass']);
} else {
$login_errors['pass'] = 'Please enter your password!';
}
if (empty($login_errors)) { // OK to proceed!
// Query the database:
$q = "SELECT * FROM users WHERE (email='$e' AND pass='" . get_password_hash($p) . "')";
$r = mysqli_query ($dbc, $q);
if (mysqli_num_rows($r) == 1) { // A match was made.
// Get the data:
$row = mysqli_fetch_assoc ($r);
// If the user is an administrator, create a new session ID to be safe:
// This code is created at the end of Chapter 4:
// Store the data in a session:
$_SESSION['user_id'] = $row['id'];
$_SESSION['username'] = $row['username'];
// Only indicate if the user's account is not expired:
} else { // No match was made.
$login_errors['login'] = 'The email address and password do not match those on file.';
}
} // End of $login_errors IF.
// Omit the closing PHP tag to avoid 'headers already sent' errors!