-
Notifications
You must be signed in to change notification settings - Fork 0
/
authenticate.php
58 lines (44 loc) · 1.39 KB
/
authenticate.php
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
<?php
// Include the database
require('config.php');
// Start the session
session_start();
// Check if the data from the login form was submitted, isset() will check if the data exists
if (!isset($_POST['username'], $_POST['password'])) { die ('Please fill the username and password fields!'); }
// Prepare the SQL statement
if ($stmt = $con->prepare('SELECT userid, password, type FROM users WHERE username = ?')) {
// Bind the parameters and execute the query
$stmt->bind_param('s', $_POST['username']);
$stmt->execute();
$stmt->store_result();
// Check if the username exists in the database
if ($stmt->num_rows > 0) {
// Load the 'userid', 'password' and 'type' of the account
$stmt->bind_result($id, $password, $type);
$stmt->fetch();
// Terminate the SQL statement
$stmt->close();
// Verify the password
if ($_POST['password'] === $password) {
// Remember the login information for this session
session_regenerate_id();
$_SESSION['loggedin'] = TRUE;
$_SESSION['name'] = $_POST['username'];
$_SESSION['id'] = $id;
// $con->close();
// Go to the appropriate page based on the type of the account
if ($type === 0) {
// Go to the admin dashboard
header('Location: admin.php');
} else {
// Go to the user dashboard
header('Location: user.php');
}
} else {
die('Incorrect password!');
}
} else {
die('Incorrect username!');
}
}
?>