Commit 5cb1cad4 by sopham

comment code, add error report

parent 142cce75
......@@ -35,7 +35,7 @@ if ($stmt = $link->prepare('SELECT ID,password FROM users WHERE username= ?')) {
echo "Incorrect password";
}
}
else echo 'Incorrect username';
//close the statement
$stmt->close();
}
......
......@@ -9,7 +9,7 @@ if(!isset($_SESSION['loggedin'])) {
setcookie(session_name(), '', 0, $params['path'], $params['domain'], $params['secure'], isset($params['httponly']));
//redirect to the login page
header('Location: login_page.html');
header('Location: login_page.php');
}
?>
<!DOCTYPE html>
......
<?php
session_start();
//include the database connection data
require_once "dbconnection.php";
//define error variable
$err = "";
if($_SERVER["REQUEST_METHOD"] == "POST") {
//make the query
if ($stmt = $link->prepare('SELECT ID,password FROM users WHERE username= ?')) {
//bind user input to query
$stmt->bind_param('s', trim($_POST['username']));
//execute query
if($stmt->execute()){
//transfer a result set from last query
$stmt->store_result();
//if there is no matched result, no such user exists in the database
if ($stmt->num_rows > 0) {
//bind variables to a prepared statement for result storage
$stmt->bind_result($id, $password);
//fetch results from the prepared statement to bound variables
$stmt->fetch();
//if password is correct, establish session
if (trim($_POST['password']) === $password) {
session_regenerate_id();
$_SESSION['loggedin'] = TRUE;
$_SESSION['name'] = $_POST['username'];
$_SESSION['id'] = $id;
header('Location:index.php');
} else {
$err = "Incorrect password!";
}
}
else $err = 'No user found!';
}
//close the statement
$stmt->close();
}
}
//close the connection
$link->close();
?>
<!DOCTYPE html>
<html lang="en">
<head>
......@@ -8,7 +62,8 @@
<div class="row">
<div class="column">
<div class="card">
<form name="input" action="authentication.php" method="POST">
<form name="input" action="<?php echo htmlspecialchars($_SERVER["PHP_SELF"]); ?>" method="POST">
<span class="help-block"><?php echo $err;?></span><br>
<label for="username">Username</label>
<input type="text" id="username" name="username" pattern="[a-zA-Z][a-zA-Z0-9-_\.]{1,20}" required>
<br>
......
......@@ -12,5 +12,5 @@ $params = session_get_cookie_params();
setcookie(session_name(), '', 0, $params['path'], $params['domain'], $params['secure'], isset($params['httponly']));
//redirect to login page
header("Location: login_page.html");
header("Location: login_page.php");
?>
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or sign in to comment