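<pre><?php
// Login handler: checks the posted e-mail/password against the users table
// and, on success, marks the session as logged in and redirects to
// welcome.php. On any failure it shows one generic alert and returns the
// browser to login.php.
session_start();

// Check if the user is already logged in, if yes then redirect him to the
// welcome page. The flag lives in the session (it is set further down on a
// successful login). The previous test compared $_POST["password"] to the
// boolean true, which a form value can never equal, so it never fired.
if (isset($_SESSION['loggedin']) && $_SESSION['loggedin'] === true) {
    header("Location: welcome.php");
    exit;
}

// Include config file (presumably defines the mysqli connection $conn -- confirm)
include "config.php";

if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    // Take the raw form values. The e-mail is bound as a statement parameter,
    // so SQL escaping is not needed; mysqli_real_escape_string() here would
    // only alter the value (e.g. add backslashes before quotes) and break the
    // lookup. The password must reach password_verify() byte-for-byte.
    // NOTE(review): if the registration script escapes the password before
    // password_hash(), it needs the same cleanup -- confirm.
    $email = (isset($_POST['email']) && is_string($_POST['email'])) ? $_POST['email'] : '';
    $password = (isset($_POST['password']) && is_string($_POST['password'])) ? $_POST['password'] : '';

    $row = null;
    if ($email !== '' && $password !== '') {
        // Reference for prepared statements with SELECT:
        // https://stackoverflow.com/questions/60174/how-can-i-prevent-sql-injection-in-php
        $sql = 'SELECT * FROM users WHERE email = ?';
        $stmt = $conn->prepare($sql);
        if ($stmt) {
            $stmt->bind_param("s", $email);
            $stmt->execute();
            $result = $stmt->get_result(); // get the mysqli result
            if ($result) {
                $row = $result->fetch_assoc();
            }
            $stmt->close();
        }
    }
    // Close the connection on every path, not only when a row was found.
    $conn->close();

    if ($row && password_verify($password, $row['password'])) {
        // Issue a fresh session ID at the moment of login so an ID handed out
        // before authentication cannot be reused afterwards (session fixation).
        session_regenerate_id(true);

        // login
        $_SESSION['loggedin'] = true;
        $_SESSION['ID'] = $row['ID'];
        $_SESSION['username'] = $row['username'];
        $_SESSION['name'] = $row['name'];
        $_SESSION['email'] = $email;

        header("Location: welcome.php");
        // Stop here so nothing below runs or is sent after the redirect.
        exit;
    }

    // One message for both "unknown e-mail" and "wrong password", so the
    // response does not reveal which accounts exist.
    $message = "Invalid password or username";
    echo '<script language="javascript">';
    echo "alert('$message');\n";
    echo 'window.location.href="login.php"'; // Redirects the user with JavaScript
    echo '</script>';
}
?>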
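<?php
// Member-area page: only a logged-in session may see the greeting.
session_start();

// Gate on $_SESSION['loggedin'], the flag the login script sets on success.
// The previous check was inverted (it greeted when the key was NOT set) and
// tested 'id', while the login script stores the key as 'ID'; session keys
// are case-sensitive, so that key was never present.
if (!isset($_SESSION['loggedin']) || $_SESSION['loggedin'] !== true) {
    header("Location: login.php");
    exit;
}

// The e-mail originates from user input, so encode it for the HTML context
// before printing it.
$email = isset($_SESSION['email']) ? $_SESSION['email'] : '';
echo "Welcome to the member's area, " . htmlspecialchars($email, ENT_QUOTES, 'UTF-8') . "!";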
$row['username']
select * from ...
mysqli_real_escape_string
var
This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)