50 lines
1.3 KiB
PHP
50 lines
1.3 KiB
PHP
<?php
|
|
session_start();
|
|
$pdo = new PDO('mysql:host=localhost;dbname=usertable', 'usertable', 'password');
|
|
|
|
if(isset($_GET['login'])) {
|
|
$username = $_POST['username'];
|
|
$password = $_POST['password'];
|
|
|
|
$statement = $pdo->prepare("SELECT * FROM users WHERE username = :username");
|
|
$result = $statement->execute(array('username' => $username));
|
|
$user = $statement->fetch();
|
|
|
|
if ($user !== false && password_verify($password, $user['password'])) {
|
|
$_SESSION['userid'] = $user['id'];
|
|
$_SESSION['email'] = $user['email'];
|
|
$_SESSION['username'] = $user['username'];
|
|
$_SESSION['givenName'] = $user['givenName'];
|
|
$_SESSION['lastName'] = $user['lastName'];
|
|
die('successfull. go to: <a href="secure.php">secure page</a>');
|
|
} else {
|
|
$errorMessage = "somethings wrong (maybe wrong password or wrong user)<br>";
|
|
}
|
|
|
|
}
|
|
?>
|
|
<!DOCTYPE html>
|
|
<html>
|
|
<head>
|
|
<title>Login</title>
|
|
</head>
|
|
<body>
|
|
|
|
<?php
|
|
if(isset($errorMessage)) {
|
|
echo $errorMessage;
|
|
}
|
|
?>
|
|
|
|
<form action="?login=1" method="post">
|
|
Your Username:<br>
|
|
<input type="text" size="40" maxlength="250" name="username"><br><br>
|
|
|
|
Your password:<br>
|
|
<input type="password" size="40" name="password"><br>
|
|
|
|
<input type="submit" value="GO">
|
|
</form>
|
|
</body>
|
|
</html>
|