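// Login excerpt: resolves the submitted identifier to a user_id, checks the
// password against the stored hash and, on success, opens the session.
// The excerpt begins inside the branch that looks the account up by e-mail.
    $stmt_sql = "SELECT user_id FROM userDB WHERE user_email = ?";
} else {
    // Same lookup, keyed on the username column instead.
    $stmt_sql = "SELECT user_id FROM userDB WHERE user_username = ?";
}

// The identifier is bound as a string parameter ('s'), never concatenated into the SQL.
$stmt_result = execute_single_variable_prepared_stmt($mysqli, $stmt_sql, $user, 's');

// Exactly one matching row means the account exists.
if ($stmt_result->num_rows === 1) {
    $user_id = get_single_result($stmt_result);

    // Fetch the stored password hash for that account (integer parameter, 'i').
    $stmt_sql = "SELECT user_password FROM userDB WHERE user_id = ?";
    $stmt_result = execute_single_variable_prepared_stmt($mysqli, $stmt_sql, $user_id, 'i');
    $password_hash = get_single_result($stmt_result);

    if (password_verify($password, $password_hash)) {
        session_start();
        // Issue a fresh session ID at the moment of authentication so an ID
        // that existed before login cannot carry the logged-in state
        // (session fixation).
        session_regenerate_id(true);
        $_SESSION['loggedin_user'] = $user_id;
        $response = "success";
    } else {
        // Generic failure text: it no longer confirms that the account
        // exists and no longer reflects the submitted identifier back to the
        // client. NOTE(review): the unknown-user branch that follows this
        // excerpt should return the same text, otherwise the two cases stay
        // distinguishable. password_verify() also runs only for existing
        // accounts, so response time may still differ - confirm whether that
        // matters for this deployment.
        $response = "Invalid username or password";
    }
} else {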
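$stmt_result; // Statement results

// Signup excerpt: validates the submitted form before the account is stored.
// Each failed check sets $response; the excerpt ends just before the insert.

// The terms checkbox must be present and ticked; isset() avoids an
// undefined-index warning when the field is missing from the request.
if (isset($_POST['signup_terms_checkbox']) && $_POST['signup_terms_checkbox'] === 'on') {
    // filter_var() returns the filtered string or false, so compare strictly.
    if (filter_var($email, FILTER_VALIDATE_EMAIL) === false) {
        $response = "Invalid email address";
    } else {
        // Is the e-mail address already registered?
        $stmt_sql = "SELECT * FROM userDB WHERE user_email = ?";
        $stmt_result = execute_single_variable_prepared_stmt($mysqli, $stmt_sql, $email, 's');

        // Is the username already taken?
        $stmt_sql = "SELECT * FROM userDB WHERE user_username = ?";
        $stmt_result_2 = execute_single_variable_prepared_stmt($mysqli, $stmt_sql, $username, 's');

        // Both lookups must come back empty.
        // NOTE(review): this check is not atomic with the insert that follows
        // the excerpt; presumably UNIQUE indexes on user_email and
        // user_username back it up - confirm against the schema.
        if ($stmt_result->num_rows === 0 && $stmt_result_2->num_rows === 0) {
            // Anchor the pattern at both ends (\z = absolute end of subject).
            // Without the end anchor only the first four characters were
            // checked, so any trailing characters, markup included, were
            // accepted into the username.
            if (!preg_match('/^([a-zA-Z0-9_]){4,50}\z/', $username, $match)) {
                $response = "Username Doesn't Match the criteria: Alphanumeric and minimum 4 characters";
            } else {
                // strlen() counts bytes, so multi-byte characters count more than once.
                if (strlen($password) < 8) {
                    $response = "Password must be at least 8 characters long";
                } else {
                    // Strict comparison: with != two different numeric-looking
                    // strings (e.g. "1e3" and "1000") compare as equal, which
                    // would let a mistyped confirmation through.
                    if ($password !== $password_c) {
                        $response = "Passwords don't match, please try again";
                    } else {
                        // Log the user details in the db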