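<?php
/**
 * Login page.
 *
 * On POST, looks up the submitted e-mail in the `user` table, verifies the
 * submitted password against the stored `password_hash`, and on success starts
 * a session, stores the user id in it and redirects to home.php. Every failure
 * path renders the same generic "Invalid login" message below.
 */

$is_invalid = false; // set when a POST did not end in a successful login

// Normalise the untrusted form fields once. A request can send email[]=... or
// password[]=..., which PHP delivers as arrays; passing those to the string
// functions below raises a TypeError, so anything that is not a string is
// treated as empty.
$email = is_string($_POST["email"] ?? null) ? $_POST["email"] : "";
$password = is_string($_POST["password"] ?? null) ? $_POST["password"] : "";

if (($_SERVER["REQUEST_METHOD"] ?? "") === "POST") {

    $mysqli = require __DIR__ . "/database.php"; // database.php returns the mysqli connection

    $userId = null;
    $passwordHash = null;
    $found = false;

    // Bound parameter instead of sprintf() + real_escape_string(): the value
    // never becomes part of the SQL text, so correctness no longer depends on
    // the connection charset or on remembering to escape. Only the two columns
    // that are actually used are selected.
    $stmt = $mysqli->prepare("SELECT id, password_hash FROM user WHERE email = ?");

    if ($stmt === false || !$stmt->bind_param("s", $email) || !$stmt->execute()) {
        // Fail closed: a lookup error is logged server-side and handled as a
        // failed login instead of dereferencing a false result.
        error_log("login.php: user lookup failed: " . $mysqli->error);
    } else {
        $stmt->bind_result($userId, $passwordHash);
        $found = $stmt->fetch() === true; // null = no matching row, false = error
    }

    if ($stmt !== false) {
        $stmt->close();
    }

    // NOTE(review): password_verify() only runs when the e-mail exists, so the
    // response time can distinguish known from unknown addresses. No rate
    // limiting or lockout is visible in this file either - confirm it is
    // enforced elsewhere.
    if ($found && is_string($passwordHash) && password_verify($password, $passwordHash)) {

        // Cookie flags (Secure / HttpOnly / SameSite) are not set here, so they
        // come from the PHP configuration.
        session_start();

        // true = also delete the pre-login session data, so a session id that
        // was known before authentication cannot be reused afterwards.
        session_regenerate_id(true);

        // The previous text-protocol query returned id as a string; keep that
        // type for other pages that read $_SESSION["user_id"].
        $_SESSION["user_id"] = (string) $userId;

        header("Location: home.php");
        exit;
    }

    $is_invalid = true;
}
?>
<!DOCTYPE html>
<html>
<head>
    <title>Login</title>
    <meta charset="UTF-8">
    <link rel="stylesheet" href="signup.css">
</head>
<body>
    <img src="logo-transparent-png.png" alt="logo" width="90px" height="75px">
    <h1>Login</h1>
    <?php if ($is_invalid): ?>
        <em>Invalid login</em>
    <?php endif; ?>
    <div class="form-inputs">
        <form method="post">
            <label for="email">EMAIL:</label>
            <?php // Explicit flags and charset: the echoed value sits inside a quoted attribute. ?>
            <input type="email" name="email" id="email" placeholder="[email protected]"
                   value="<?= htmlspecialchars($email, ENT_QUOTES | ENT_SUBSTITUTE, "UTF-8") ?>"> <br><br>
            <label for="password">PASSWORD:</label>
            <input type="password" name="password" id="password" placeholder="type password">
            <br><br>
            <button>Log in</button>
            <p>No account? <a href="signup.html">sign up</a></p>
        </form>
    </div>
</body>
</html>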