Sign in
';
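// Sign-in handler.
//
// Flow: if the visitor is already signed in, say so; otherwise show the form on
// GET and, on POST, validate the fields, look the user up with a prepared
// statement and populate $_SESSION on success.
//
// Relies on two things set up earlier in the file (not visible here):
//   - $conn: an open mysqli connection
//   - an active session (session_start() must already have run)
//
// First, check if the user is already signed in. If so, there is no need to
// display this page. (!empty() is equivalent to the original
// isset() && == true check.)
if (!empty($_SESSION['signedIn'])) {
    echo 'You are already signed in, you can sign out if you want.';
} elseif ($_SERVER['REQUEST_METHOD'] !== 'POST') {
    /* the form hasn't been posted yet, display it
       note that the action="" will cause the form to post to the same page it is on */
    echo '
';
} else {
    /* the form has been posted, so process the data in three steps:
       1. Check the data
       2. Let the user refill the wrong fields (if necessary)
       3. Verify that the credentials are correct and return the right response */
    $errors = [];

    // The raw values are kept for the lookup; only the emptiness check trims.
    $userName = $_POST['userName'] ?? '';
    $userPass = $_POST['userPass'] ?? '';

    // isset() alone accepts a submitted-but-blank field (and array-shaped
    // input such as userName[]), so check the type and content explicitly to
    // match the error messages below.
    if (!is_string($userName) || trim($userName) === '') {
        $errors[] = 'The username field must not be empty.';
    }
    if (!is_string($userPass) || $userPass === '') {
        $errors[] = 'The password field must not be empty.';
    }

    if (!empty($errors)) {
        // there are errors; list them so the user can refill the fields
        echo 'Uh-oh.. a couple of fields are not filled in correctly..
';
        echo '';
        foreach ($errors as $error) {
            echo '- ' . $error . '
';
        }
        echo '
';
    } else {
        // The form was posted without errors, so look the user up.
        // The values are bound as parameters, so no manual escaping is needed.
        //
        // NOTE(review): the stored password is an unsalted sha1 hash. That is
        // what the existing users table holds, so it is kept here; moving to
        // password_hash()/password_verify() needs a data migration and is out
        // of scope for this page.
        $sql = "SELECT userNo, userName, userLevel
FROM users
WHERE userName = ? AND userPass = ?";

        $result = false;
        $stmt = $conn->prepare($sql);
        if ($stmt !== false) {
            // bind_param() takes its arguments by reference, so the hash has to
            // live in a variable; passing sha1(...) directly is an error in PHP 8.
            $passHash = sha1($userPass);
            $stmt->bind_param('ss', $userName, $passHash);
            if ($stmt->execute()) {
                $result = $stmt->get_result();
            }
        }

        if ($result === false) {
            // something went wrong (prepare, execute or fetching the result set)
            echo 'Something went wrong while signing in. Please try again later.';
            //echo $conn->error; //debugging purposes, uncomment when needed
        } elseif ($result->num_rows === 0) {
            // the query ran but returned no row: the credentials were wrong
            echo 'You have supplied a wrong user/password combination. Please try again.';
        } else {
            // The query returned data, so the user can be signed in.
            // Issue a fresh session id on this privilege change so that a
            // session id obtained before login is not carried over.
            session_regenerate_id(true);

            // set the $_SESSION['signedIn'] variable to TRUE
            $_SESSION['signedIn'] = true;
            // also keep userNo, userName and userLevel in the session so other
            // pages can use them (if several rows match, the last one wins, as before)
            while ($row = $result->fetch_assoc()) {
                $_SESSION['userNo'] = $row['userNo'];
                $_SESSION['userName'] = $row['userName'];
                $_SESSION['userLevel'] = $row['userLevel'];
            }
            echo 'Welcome, ' . htmlentities($_SESSION['userName'], ENT_QUOTES | ENT_HTML5, 'UTF-8') . '.
Proceed to the forum overview.';
        }

        if ($stmt !== false) {
            $stmt->close();
        }
    }
}
include 'footer.php';
?>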