inkletblot/inkletblot-com-v1
Archived
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
This repository has been archived on 2025-12-28. You can view files and clone it, but cannot push or open issues or pull requests.
c05005dc16
inkletblot-com-v1/php forum/signin.php
inkletblot dfdde50b24 initial commit
2019-12-02 12:10:45 +10:30

104 lines
3.2 KiB
PHP
Raw Blame History

<?php
//signin.php
include 'connect.php';
include 'header.php';
echo '<h3>Sign in</h3><br />';
//first, check if the user is already signed in. If that is the case, there is no need to display this page
if(isset($_SESSION['signedIn']) && $_SESSION['signedIn'] == true)
{
echo 'You are already signed in, you can <a href="signout.php">sign out</a> if you want.';
}
else
{
if($_SERVER['REQUEST_METHOD'] != 'POST')
{
/*the form hasn't been posted yet, display it
note that the action="" will cause the form to post to the same page it is on */
echo '<form method="post" action="">
Username: <input type="text" name="userName" /><br />
Password: <input type="password" name="userPass"><br />
<input type="submit" value="Sign in" />
</form>';
}
else
{
/* so, the form has been posted, we'll process the data in three steps:
1. Check the data
2. Let the user refill the wrong fields (if necessary)
3. Varify if the data is correct and return the correct response
*/
$errors = array(); /* declare the array for later use */
if(!isset($_POST['userName']))
{
$errors[] = 'The username field must not be empty.';
}
if(!isset($_POST['userPass']))
{
$errors[] = 'The password field must not be empty.';
}
if(!empty($errors)) /*check for an empty array, if there are errors, they're in this array (note the ! operator)*/
{
echo 'Uh-oh.. a couple of fields are not filled in correctly..<br /><br />';
echo '<ul>';
foreach($errors as $key => $value) /* walk through the array so all the errors get displayed */
{
echo '<li>' . $value . '</li>'; /* this generates a nice error list */
}
echo '</ul>';
}
else
{
//the form has been posted without errors, so save it
//notice the use of mysql_real_escape_string, keep everything safe!
//also notice the sha1 function which hashes the password
$sql = "SELECT userNo, userName, userLevel
FROM users
WHERE userName = ? AND userPass = ?";
$stmt = $conn->prepare($sql);
$stmt->bind_param('ss', $_POST['userName'], sha1($_POST['userPass']));
$stmt->execute();
if(!$result = $stmt->get_result())
{
//something went wrong, display the error
echo 'Something went wrong while signing in. Please try again later.';
//echo $conn->error; //debugging purposes, uncomment when needed
}
else
{
//the query was successfully executed, there are 2 possibilities
//1. the query returned data, the user can be signed in
//2. the query returned an empty result set, the credentials were wrong
if($result->num_rows == 0)
{
echo 'You have supplied a wrong user/password combination. Please try again.';
}
else
{
//set the $_SESSION['signed_in'] variable to TRUE
$_SESSION['signedIn'] = true;
//we also put the user_id and user_name values in the $_SESSION, so we can use it at various pages
while($row = $result->fetch_assoc())
{
$_SESSION['userNo'] = $row['userNo'];
$_SESSION['userName'] = $row['userName'];
$_SESSION['userLevel'] = $row['userLevel'];
}
echo 'Welcome, ' . htmlentities($_SESSION['userName'], ENT_QUOTES | ENT_HTML5, 'UTF-8') . '. <br /><a href="index.php">Proceed to the forum overview</a>.';
}
}
}
}
}
include 'footer.php';
?>
Reference in New Issue View Git Blame Copy Permalink