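/**
 * Authenticate a login attempt against gpadb.users and redirect the browser.
 *
 * On success the session id is regenerated, the user is recorded in the
 * session and the browser is sent to ../main. On failure an error message is
 * queued in the session, destroySessionsButKeepErrors() resets the rest of the
 * session and the browser is sent back to ../. An unknown username is handled
 * exactly like a wrong password so the response does not reveal which
 * accounts exist.
 *
 * @param string $user submitted username, matched exactly (not as a LIKE pattern)
 * @param string $pass submitted clear-text password
 */
function authUser(string $user, string $pass): void
{
    $db = getDB();
    // Exact comparison: with LIKE, '%' or '_' in the submitted name would
    // match some other account's row.
    $stmt = $db->prepare('SELECT username, hash, groups FROM gpadb.users WHERE username = :user');
    $stmt->bindValue(':user', $user);
    $stmt->execute();
    $row = $stmt->fetch(PDO::FETCH_ASSOC);

    // fetch() returns false when there is no such user; password_verify()
    // must only ever see a real stored hash.
    $hash = ($row !== false && is_string($row['hash'] ?? null)) ? $row['hash'] : null;
    $verified = $hash !== null && password_verify($pass, $hash);

    if ($verified) {
        // Fresh session id on login so an id issued before authentication
        // cannot be reused (session fixation).
        session_regenerate_id(true);
        $_SESSION['user'] = $user;
        // Kept for compatibility: other pages appear to use this key as the
        // "logged in" marker — confirm before removing.
        $_SESSION['password'] = $hash;
        header('Location: ../main');
        exit;
    }

    $_SESSION['loginError'] = true;
    // [] autovivifies the error list; array_push() on an unset key throws in PHP 8.
    $_SESSION['error'][] = 'That did not work; please try again';
    destroySessionsButKeepErrors();
    header('Location: ../');
    exit;
}

// Login form dispatch: the register button goes to the self-register form, a
// missing or malformed credential pair falls back to the usual "must be logged
// in" handling, otherwise the credentials are checked.
if (isset($_POST['register'])) {
    header('Location: ../register');
    exit;
}

// Both fields must be plain strings; a user[]=... submission would arrive as an array.
if (!is_string($_POST['user'] ?? null) || !is_string($_POST['password'] ?? null)) {
    redirectIfNotLoggedIn();
} else {
    authUser($_POST['user'], $_POST['password']);
}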
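<?php
// Purchase confirmation page: lists the items queued in the session and lets
// the user confirm the purchase or return to the shop. Requires a logged-in
// session; redirectIfNotLoggedIn() (from testlogin.php) handles the rest.
session_start();
include_once "testlogin.php";
redirectIfNotLoggedIn("https://127.0.0.1/");
?>
<html>
<body>
<?php
include_once "../nonPublic/csrftoken.php";
echo "If confirmed, the following items will be purchased:<br/>";
echo "<table>";
// Queued items live in the session as purchases2..purchasesN, N = cookieNbr.
// The counter starting at 2 is inherited from the original page — TODO confirm
// why slot 1 is unused.
$lastSlot = (int) ($_SESSION['cookieNbr'] ?? 0);
for ($x = 2; $x <= $lastSlot; $x++) {
    // A missing slot renders as an empty cell instead of raising a warning.
    $itemName = (string) ($_SESSION["purchases" . $x] ?? '');
    // Escape for the HTML context: the item name is data, never markup.
    echo "<tr><th> " . htmlspecialchars($itemName, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8') . " </th></tr>";
}
echo "</table>";
echo "<br/>";
?>
<form action="buyItems.php" method="POST">
<input id="submit" type="submit" value="Confirm Purchase">
<?php
// NOTE(review): the hidden token is the raw session id, which puts the session
// identifier into the page source. A dedicated random per-session token (which
// csrftoken.php may already provide) would be preferable — confirm what
// buyItems.php validates before changing the value.
echo "<input type=\"hidden\" name=\"token\" value=\"" . session_id() . "\"/>";
?>
</form>
<form action="searchView.php" method="POST">
<input id="submit" type="submit" value="Continue Shopping">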