Server IP : 68.65.122.142 / Your IP : 3.16.217.218 Web Server : LiteSpeed System : Linux server167.web-hosting.com 4.18.0-513.18.1.lve.el8.x86_64 #1 SMP Thu Feb 22 12:55:50 UTC 2024 x86_64 User : glenirhm ( 1318) PHP Version : 7.4.33 Disable Function : NONE MySQL : OFF | cURL : ON | WGET : ON | Perl : ON | Python : ON Directory (0755) : /home/glenirhm/.razor/../mygc.glenbowcollege.ca/admin/ |
[ Home ] | [ C0mmand ] | [ Upload File ] |
---|
<?php session_start(); include('../common/connect.php'); // Now we check if the data from the login form was submitted, isset() will check if the data exists. if ( !isset($_POST['username'], $_POST['password']) ) { // Could not get the data that should have been sent. exit('Please fill both the username and password fields!'); } // Prepare our SQL, preparing the SQL statement will prevent SQL injection. if ($stmt = $con->prepare('SELECT activation_code, id, password FROM administrator WHERE username = ?')) { // Bind parameters (s = string, i = int, b = blob, etc), in our case the username is a string so we use "s" $stmt->bind_param('s', $_POST['username']); $stmt->execute(); // Store the result so we can check if the account exists in the database. $stmt->store_result(); if ($stmt->num_rows > 0) { $stmt->bind_result($activation_code, $id, $password); $stmt->fetch(); // Account exists, now we verify the password. // Note: remember to use password_hash in your registration file to store the hashed passwords. if ($activation_code == 'activated') { // account is activated // Display home page etc if (password_verify($_POST['password'], $password)) { // Verification success! User has logged-in! // Create sessions, so we know the user is logged in, they basically act like cookies but remember the data on the server. session_regenerate_id(); $_SESSION['loggedin'] = TRUE; $_SESSION['name'] = $_POST['username']; $_SESSION['id'] = $id; header('Location: home.php'); } else { // Incorrect password echo 'Incorrect username and/or password!'; } } else { // account is not activated // redirect user or display an error echo 'Account not activated!'; } } else { // Incorrect username echo 'Incorrect username and/or password!'; } $stmt->close(); } ?>