-
Notifications
You must be signed in to change notification settings - Fork 0
/
login.inc.php
46 lines (41 loc) · 1.56 KB
/
login.inc.php
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
<?php
if (!isset($_POST['login-submit'])) :
exit('File cannot be directly accessed.');
endif;
require "./connection.inc.php";
// Define POST data variables
$email = $_POST['email'];
$password = $_POST['pwd'];
// Start validation
if (empty($email) || empty($password)) :
header("Location: ../login.php?error=emptyFields");
elseif (!filter_var($email, FILTER_VALIDATE_EMAIL)) :
header("Location: ../login.php?error=invalidemail&uid=" . $email);
else :
// Validation passed, continue with authentication
// Check if the email exists in the database
$sql = "SELECT id, email, password, username, user_join, user_role FROM users WHERE email = :email";
$stmt = $pdo->prepare($sql);
$stmt->bindParam(':email', $email, PDO::PARAM_STR);
$stmt->execute();
$user = $stmt->fetch();
if ($user) :
// Verify the password
if (password_verify($password, $user['password'])) :
session_start();
$_SESSION['userId'] = $user['id'];
$_SESSION['userEmail'] = $user['email'];
$_SESSION['userUsername'] = $user['username'];
$_SESSION['userJoin'] = $user['user_join']; // Store the join date in the session
$_SESSION['userRole'] = $user['user_role'];
header("Location: ../dashboard.php?loggedIn=true");
exit();
else :
header("Location: ../login.php?error=emailPasswordInvalid=true");
exit();
endif;
else :
header("Location: ../login.php?error=emailPasswordInvalid=true");
exit();
endif;
endif;