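/**
 * Validate submitted account fields and append one message per problem to
 * the global $errors array.
 *
 * Checks performed, in order:
 *  - e-mail must be present;
 *  - password must be present unless a user is already logged in
 *    ($_SESSION['id'] is set);
 *  - when a password is given, "confirm_password" must be strictly equal to it;
 *  - the e-mail must not already belong to another user's row.
 *
 * Missing keys in $fields are read as null instead of raising an
 * undefined-index warning, and both lookup results are freed after use.
 *
 * @param array $fields Submitted values; the keys "email", "password" and
 *                      "confirm_password" are read.
 * @return void Problems are reported only through the global $errors array.
 */
function validate_fields($fields)
{
    global $errors;

    $email = $fields["email"] ?? null;
    $password = $fields["password"] ?? null;
    $confirm_password = $fields["confirm_password"] ?? null;

    if (!has_presence($email)) {
        $errors[] = "Email can't be blank";
    }

    // A logged-in user may leave the password empty.
    if (!has_presence($password) && !isset($_SESSION['id'])) {
        $errors[] = "Password can't be blank";
    }

    if (has_presence($password) && $confirm_password !== $password) {
        $errors[] = "Confirm Password Has To be Identical to Password";
    }

    if (has_presence($email)) {
        // NOTE(review): the e-mail is handed to find_user_by_email() exactly as
        // submitted. That helper is not shown here; confirm it binds or escapes
        // the value itself before it reaches SQL.
        $result = find_user_by_email($email);
        $user = mysqli_fetch_row($result);
        mysqli_free_result($result);

        $current_user = "";
        if (isset($_SESSION['id'])) {
            $own_result = find_user_by_id($_SESSION['id']);
            $current_user = mysqli_fetch_row($own_result);
            mysqli_free_result($own_result);
        }

        // Rows are compared as whole arrays: the e-mail counts as taken unless
        // the matching row is the logged-in user's own row.
        if ($user && $user !== $current_user) {
            $errors[] = "Email Already Exists";
        }
    }

    // TODO: validate the e-mail format; filter_var() with FILTER_VALIDATE_EMAIL
    // is preferable to a hand-written regex.
}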
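<?php
require_once "./session.php";
require_once "./functions.php";
?>
<?php
// Login / logout handler driven by the "login" and "logout" POST fields.
// $db is expected to be provided by one of the files required above.
if (isset($_POST["login"])) {
    // Missing fields are read as "" rather than raising an undefined-index warning.
    $email = mysqli_real_escape_string($db, $_POST["email"] ?? "");
    // NOTE(review): the password never goes into SQL in this script, yet it is
    // SQL-escaped before password_verify(). Escaping rewrites quotes and
    // backslashes, so verification only succeeds if the hash was created from
    // the same escaped form. Confirm against the registration code before
    // removing the escape; ideally the raw password is hashed and verified.
    $password = mysqli_real_escape_string($db, $_POST["password"] ?? "");

    $results = find_user_by_email($email);
    // A failed lookup is handled like an unknown user (same generic message).
    $user = $results ? mysqli_fetch_row($results) : null;

    if ($user) {
        $hashed_pass = $user[4]; // position of the column (5th)
        if (password_verify($password, $hashed_pass)) {
            // Replace the pre-login session id so an id known before
            // authentication cannot be reused afterwards (session fixation).
            // Must run before any output has been sent.
            session_regenerate_id(true);
            $_SESSION['id'] = $user[0];
            $_SESSION['first_name'] = $user[1];
            // redirect_to("index.php");
        } else {
            echo "<label id='error'> Bad email/password </label>";
        }
    } else {
        // Same message as a wrong password, so the response does not reveal
        // whether the e-mail is registered.
        echo "<label id='error'> Bad email/password </label>";
    }

    if ($results) {
        mysqli_free_result($results); // free memory used to store the results
    }
} elseif (isset($_POST["logout"])) {
    // session_destroy() removes the stored session data but leaves $_SESSION
    // populated for the rest of this request; clear it so later code in the
    // same request no longer sees a logged-in user.
    $_SESSION = [];
    session_destroy();
    // redirect_to("index.php");
    // (the listing ends here; the closing brace of this branch is not shown)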
/**
 * Look up a user by e-mail and check the supplied password.
 *
 * @param mixed $email    E-mail passed to find_user_by_email().
 * @param mixed $password Password passed to password_check() together with
 *                        the record's "Password" entry.
 * @return mixed The user record when the lookup succeeds and password_check()
 *               accepts the password; false otherwise.
 */
function attempt_login($email, $password)
{
    $account = find_user_by_email($email);

    // Unknown e-mail: fail without checking a password.
    // NOTE(review): this path skips the hash comparison, so it returns sooner
    // than the wrong-password path; callers should show one generic message
    // for both outcomes.
    if (!$account) {
        return false;
    }

    // Known e-mail: hand back the record only when the password matches.
    return password_check($password, $account["Password"]) ? $account : false;
}