Commit 5cb1cad4 by sopham

comment code, add error report

parent 142cce75
...@@ -35,7 +35,7 @@ if ($stmt = $link->prepare('SELECT ID,password FROM users WHERE username= ?')) { ...@@ -35,7 +35,7 @@ if ($stmt = $link->prepare('SELECT ID,password FROM users WHERE username= ?')) {
echo "Incorrect password"; echo "Incorrect password";
} }
} }
else echo 'Incorrect username';
//close the statement //close the statement
$stmt->close(); $stmt->close();
} }
......
...@@ -9,7 +9,7 @@ if(!isset($_SESSION['loggedin'])) { ...@@ -9,7 +9,7 @@ if(!isset($_SESSION['loggedin'])) {
setcookie(session_name(), '', 0, $params['path'], $params['domain'], $params['secure'], isset($params['httponly'])); setcookie(session_name(), '', 0, $params['path'], $params['domain'], $params['secure'], isset($params['httponly']));
//redirect to the login page //redirect to the login page
header('Location: login_page.html'); header('Location: login_page.php');
} }
?> ?>
<!DOCTYPE html> <!DOCTYPE html>
......
<?php
session_start();
//include the database connection data
require_once "dbconnection.php";
//define error variable
$err = "";
if($_SERVER["REQUEST_METHOD"] == "POST") {
//make the query
if ($stmt = $link->prepare('SELECT ID,password FROM users WHERE username= ?')) {
//bind user input to query
$stmt->bind_param('s', trim($_POST['username']));
//execute query
if($stmt->execute()){
//transfer a result set from last query
$stmt->store_result();
//if there is no matched result, no such user exists in the database
if ($stmt->num_rows > 0) {
//bind variables to a prepared statement for result storage
$stmt->bind_result($id, $password);
//fetch results from the prepared statement to bound variables
$stmt->fetch();
//if password is correct, establish session
if (trim($_POST['password']) === $password) {
session_regenerate_id();
$_SESSION['loggedin'] = TRUE;
$_SESSION['name'] = $_POST['username'];
$_SESSION['id'] = $id;
header('Location:index.php');
} else {
$err = "Incorrect password!";
}
}
else $err = 'No user found!';
}
//close the statement
$stmt->close();
}
}
//close the connection
$link->close();
?>
<!DOCTYPE html> <!DOCTYPE html>
<html lang="en"> <html lang="en">
<head> <head>
...@@ -8,15 +62,16 @@ ...@@ -8,15 +62,16 @@
<div class="row"> <div class="row">
<div class="column"> <div class="column">
<div class="card"> <div class="card">
<form name="input" action="authentication.php" method="POST"> <form name="input" action="<?php echo htmlspecialchars($_SERVER["PHP_SELF"]); ?>" method="POST">
<label for="username">Username</label> <span class="help-block"><?php echo $err;?></span><br>
<input type="text" id="username" name="username" pattern="[a-zA-Z][a-zA-Z0-9-_\.]{1,20}" required> <label for="username">Username</label>
<br> <input type="text" id="username" name="username" pattern="[a-zA-Z][a-zA-Z0-9-_\.]{1,20}" required>
<label for="password">Password&nbsp</label> <br>
<input type="password" id="password" name="password" autocomplete="off" required> <label for="password">Password&nbsp</label>
<br> <input type="password" id="password" name="password" autocomplete="off" required>
<input type="submit" name="submit" value="Login"> <br>
</form> <input type="submit" name="submit" value="Login">
</form>
</div> </div>
</div> </div>
</div> </div>
......
...@@ -12,5 +12,5 @@ $params = session_get_cookie_params(); ...@@ -12,5 +12,5 @@ $params = session_get_cookie_params();
setcookie(session_name(), '', 0, $params['path'], $params['domain'], $params['secure'], isset($params['httponly'])); setcookie(session_name(), '', 0, $params['path'], $params['domain'], $params['secure'], isset($params['httponly']));
//redirect to login page //redirect to login page
header("Location: login_page.html"); header("Location: login_page.php");
?> ?>
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or sign in to comment