MyHyvesBookPlus/WebDB
1
0
Fork 0
Code Issues 2 Pull Requests Projects Releases Wiki Activity

Almost finished login/register page

Browse Source
This commit is contained in:
Joey Lai
2017-01-18 12:35:41 +01:00
parent 51378bf386
commit afcd048260
7 changed files with 113 additions and 111 deletions
Download Patch File Download Diff File Expand all files Collapse all files

39
website/public/login.php
View File

@@ -1,7 +1,9 @@
<!DOCTYPE html>
<html>
<?php
include("../views/login_head.php");
include("../views/login_head.php");
include_once("../queries/connect.php");
include_once("../queries/login.php");
?>
<body>
<?php
@@ -11,7 +13,6 @@ include("../views/login_head.php");
$uname = $psw ="";
$loginErr ="";
// Trying to login
if ($_SERVER["REQUEST_METHOD"] == "POST") {
// Empty username or password field
@@ -22,47 +23,19 @@ include("../views/login_head.php");
else {
$uname=$_POST["uname"];
$psw=$_POST["psw"];
// Protection against MySQL injections
$uname = stripslashes($uname);
$psw = stripslashes($psw);
$uname = mysql_real_escape_string($uname);
$psw = mysql_real_escape_string($psw);
// Database information
$servername = "agile136.science.uva.nl";
$username = "mhbp";
$password = "qdtboXhCHJyL2szC";
// Creates connection
$conn = new mysqli($servername, $username, $password);
// Selects database
$db = mysql_select_db("company", $connection);
// Query for listing all accounts that meets the requirement of the login information
$query = mysql_query("select * from login where password='$psw' AND username='$uname'", $connection);
// Checks if there's an account
$count = mysql_num_rows($query);
$hash=hashPassword()["password"];
// If there's an account, go to the profile page
if($count == 1) {
$_SESSION[$uname] = $uname;
$_SESSION[$userID] = $userID;
if(password_verify($psw, $hash)) {
header("location: myhyvesbookplus.nl/profile.php");
}else {
} else {
$loginErr = "Inloggegevens zijn niet correct";
}
// Closing Connection
mysql_close($connection);
}
}
/* This view adds login view */
include("../views/login-view.php");
?>