<?php
include "db.php";
//DB Connection
$connection = new DbConnect();
$connection->Connect("localhost", "root", "root", "users");
$user = mysql_real_escape_string($_POST['username']);
$pass = mysql_real_escape_string($_POST['password']);
//Verify Username First
$fetch = mysql_query("SELECT id FROM `login` WHERE username='******'");
$count = mysql_num_rows($fetch);
if ($count != "") {
//Fetch Hashed Password
$fetch = mysql_query("SELECT password FROM login WHERE username = '******';");
$r = mysql_fetch_assoc($fetch);
$salt = $r['password'];
if (password_verify($pass, $salt)) {
session_start();
$_SESSION['login_username'] = $user;
header("Location:../admin/index.php");
} else {
echo "<script>\n\t\t\t\t\t\talert('Wrong Password or Username');\n\t\t\t\t\t\twindow.location.href='../admin/admin_login.php';\n\t\t\t\t\t </script>";
}
} else {
echo "<script>\n\t\t\t\talert('Wrong Password or Username');\n\t\t\t\twindow.location.href='../admin/admin_login.php';\n\t\t\t </script>";
}
