login

mail@pastecode.io avatar
unknown
plain_text
7 months ago
3.1 kB
4
Indexable
Never
<?php
// Start or resume a session
session_start();

// Database connection parameters
$servername = "your_servername";
$username = "your_username";
$password = "your_password";
$dbname = "your_dbname";

// Create connection
$conn = new mysqli($servername, $username, $password, $dbname);

// Check connection
if ($conn->connect_error) {
    die("Connection failed: " . $conn->connect_error);
}

// Define variables to store user input and error messages
$username = $password = "";
$usernameErr = $passwordErr = "";

if ($_SERVER["REQUEST_METHOD"] == "POST") {
    // Function to sanitize and validate input data
    function test_input($data) {
        $data = trim($data);
        $data = stripslashes($data);
        $data = htmlspecialchars($data);
        return $data;
    }

    // Validate username
    if (empty($_POST["username"])) {
        $usernameErr = "Username is required";
    } else {
        $username = test_input($_POST["username"]);
    }

    // Validate password
    if (empty($_POST["password"])) {
        $passwordErr = "Password is required";
    } else {
        $password = test_input($_POST["password"]);
    }

    // If there are no errors, check the username and password
    if (empty($usernameErr) && empty($passwordErr)) {
        // Prepare and execute an SQL statement to retrieve user data
        $stmt = $conn->prepare("SELECT username, password FROM users WHERE username = ?");
        $stmt->bind_param("s", $username);
        $stmt->execute();
        $stmt->store_result();

        if ($stmt->num_rows > 0) {
            // User exists, fetch the password
            $stmt->bind_result($dbUsername, $dbPassword);
            $stmt->fetch();

            // Verify the password
            if (password_verify($password, $dbPassword)) {
                // Password is correct, set session variables and redirect to index.php
                $_SESSION["username"] = $username;
                header("Location: index.php");
                exit();
            } else {
                $passwordErr = "Incorrect password";
            }
        } else {
            $usernameErr = "Username not found";
        }

        // Close the statement
        $stmt->close();
    }
}

// Close the database connection
$conn->close();
?>

<!DOCTYPE html>
<html lang="en">
<head>
    <meta charset="UTF-8">
    <meta name="viewport" content="width=device-width, initial-scale=1.0">
    <title>Login</title>
</head>
<body>

<h2>Login</h2>
<form method="post" action="<?php echo htmlspecialchars($_SERVER["PHP_SELF"]); ?>">
    <label for="username">Username:</label>
    <input type="text" name="username" value="<?php echo $username; ?>">
    <span class="error"><?php echo $usernameErr; ?></span>
    <br><br>

    <label for="password">Password:</label>
    <input type="password" name="password">
    <span class="error"><?php echo $passwordErr; ?></span>
    <br><br>

    <input type="submit" name="submit" value="Login">
</form>

</body>
</html>
Leave a Comment