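<?php
/**********************************************************
 * File: signIn.php
 * Author: Br. Burton
 *
 * Description: This page has a form for the user to sign in.
 *
 * In this case, to show another approach, we will have this
 * page have two purposes, it will have the form for signing
 * in, but it will also have the logic to check a username
 * and password and redirect the user to the home page if
 * everything checks out. Thus it will post to itself.
 *
 * Notes on the checks performed below:
 *  - a POST whose fields are not plain strings is ignored;
 *  - an unknown username and a wrong password produce the
 *    same generic message, so the page does not reveal
 *    which accounts exist;
 *  - the session id is regenerated on a successful login, so
 *    an id that was handed out before authentication is not
 *    kept (session fixation);
 *  - database errors are written to the server log, never
 *    echoed to the browser.
 ***********************************************************/
require("password.php"); // used for password hashing.
session_start();

$badLogin = false;

// First check to see if we have post variables, if not, just
// continue on as always. Both fields must be strings: PHP turns
// "txtUser[]=..." into an array, which must not reach the query
// or password_verify().
if (isset($_POST['txtUser'], $_POST['txtPassword'])
    && is_string($_POST['txtUser']) && is_string($_POST['txtPassword']))
{
    // they have submitted a username and password for us to check
    $username = $_POST['txtUser'];
    $password = $_POST['txtPassword'];

    // Get the hashed password from the DB
    // It would be better to store these in a different file
    $dbUser = 'ta6user';
    $dbPass = 'ta6pass';
    $dbName = 'LoginTest';
    $dbHost = '127.0.0.1'; // for my configuration, I need this rather than 'localhost'

    try
    {
        // Create the PDO connection
        $db = new PDO("mysql:host=$dbHost;dbname=$dbName", $dbUser, $dbPass);
        // this line makes PDO give us an exception when there are problems, and can be very helpful in debugging!
        $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);

        // The username only ever travels as a bound parameter, never inside the SQL text.
        $query = 'SELECT password FROM login WHERE username=:username';
        $statement = $db->prepare($query);
        $statement->bindValue(':username', $username);
        $statement->execute(); // a failure throws here because of ERRMODE_EXCEPTION

        $row = $statement->fetch(PDO::FETCH_ASSOC);

        // fetch() returns false when the username is unknown. Treat that exactly
        // like a wrong password: verify against an empty hash (which never matches)
        // and report the same generic error, so the response does not say whether
        // the account exists. (Timing still differs between the two paths.)
        $hashedPasswordFromDB = ($row !== false && isset($row['password'])) ? $row['password'] : '';

        // now check to see if the hashed password matches
        if (password_verify($password, $hashedPasswordFromDB))
        {
            // password was correct, put the user on the session, and redirect to home.
            // Regenerate the id first so a session id fixed before login is discarded.
            session_regenerate_id(true);
            $_SESSION['username'] = $username;
            header("Location: home.php");
            die(); // we always include a die after redirects.
        }
        else
        {
            $badLogin = true;
        }
    }
    catch (Exception $ex)
    {
        // Exception details can include the DSN, credentials or SQL text, so they go
        // to the server log only; the user gets a generic message.
        error_log('signIn.php: database error: ' . get_class($ex) . ': ' . $ex->getMessage());
        echo "Error with DB. Please try again later.";
        die();
    }
}
?>
<!DOCTYPE html>
<html>
<head>
    <title>Sign In</title>
</head>
<body>
    <div>
        <?php
        if ($badLogin)
        {
            // Same message for an unknown user and a wrong password (see header comment).
            echo "Incorrect username or password!<br /><br />\n";
        }
        ?>
        <h1>Please sign in below:</h1>
        <form id="mainForm" action="signIn.php" method="POST">
            <input type="text" id="txtUser" name="txtUser" />
            <label for="txtUser">Username</label>
            <br /><br />
            <input type="password" id="txtPassword" name="txtPassword" />
            <label for="txtPassword">Password</label>
            <br /><br />
            <input type="submit" value="Sign In" />
        </form>
        <br /><br />
        Or <a href="signUp.php">Sign up</a> for a new account.
    </div>
</body>
</html>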