login-user.php (1906B)
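<?php

// Login handler: checks the posted username/password against the `user` table,
// fills the session on success, and always finishes with a redirect.
// Relies on session.php for the session and on ../config.php for $connect.
include_once 'session.php';

if (!isset($_POST['submit'])) {
    header("Location: ../index.php?login=error");
    exit();
}

include '../config.php';

// Only `submit` is guaranteed to be present; the other fields may be missing
// or posted as arrays (username[]=...), which must not reach the mysqli calls.
$rawUsername = $_POST['username'] ?? '';
$rawPassword = $_POST['password'] ?? '';
if (!is_string($rawUsername) || !is_string($rawPassword)) {
    header("Location: ../index.php?login=error");
    exit();
}

// The username is bound as a statement parameter below, so it is used as typed.
$username = $rawUsername;

// NOTE(review): escaping the password before password_verify() changes any
// password containing quotes or backslashes. Kept because the registration code
// is not visible here and may hash the escaped form - confirm, then drop the
// escaping on both sides.
$password = mysqli_real_escape_string($connect, $rawPassword);

if (empty($username) || empty($password)) {
    header("Location: ../index.php?login=error");
    exit();
}

// Parameterized lookup: correctness no longer depends on the connection
// charset matching what mysqli_real_escape_string() assumes.
$row = null;
try {
    $stmt = mysqli_prepare($connect, 'SELECT * FROM user WHERE username = ?');
    if ($stmt !== false) {
        mysqli_stmt_bind_param($stmt, 's', $username);
        if (mysqli_stmt_execute($stmt)) {
            $result = mysqli_stmt_get_result($stmt);
            if ($result !== false) {
                // First matching row only, as before.
                $row = mysqli_fetch_assoc($result);
            }
        }
        mysqli_stmt_close($stmt);
    }
} catch (mysqli_sql_exception $e) {
    // Treat a database failure like a failed login instead of surfacing the
    // driver error to the client.
    $row = null;
}

if (!is_array($row)) {
    header("Location: ../index.php?login=error");
    exit();
}

if (!password_verify($password, (string) $row['password'])) {
    // NOTE(review): `errorpass` differs from the unknown-user code `error`, so
    // the redirect reveals whether a username exists. Left as-is because
    // index.php may depend on it; consider one shared code for both failures.
    header("Location: ../index.php?login=errorpass");
    exit();
}

// Issue a fresh session id at the privilege change so an id planted before
// login cannot be reused afterwards. Session data (including login-sid) is kept.
if (session_status() === PHP_SESSION_ACTIVE) {
    session_regenerate_id(true);
}

$_SESSION['uid'] = $row['user_id'];
$_SESSION['email'] = $row['email'];
$_SESSION['username'] = $row['username'];
$_SESSION['date'] = $row['registration_date'];
// Presumably `blocked` is a one-byte flag column - TODO confirm. The flag is only
// stored here; nothing in this script refuses a blocked account.
$_SESSION['blocked'] = ord((string) $row['blocked']);

// login-sid is set outside this script and stays in the session afterwards
// (the original had its unset() commented out).
$sid = $_SESSION['login-sid'] ?? null;
if (empty($sid) || !is_scalar($sid)) {
    header("Location: ../index.php?login=success");
    exit();
}

// Encode the stored value so it cannot add parameters to the redirect URL.
header("Location: ../takesurvey.php?sid=" . urlencode((string) $sid));
exit();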