LOGIN.INC.PHP
<?php
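// Login form handler: runs only when the login form's submit button was posted;
// any other request is redirected back to the index page.
if (isset($_POST["loginToSite"])) {
    // A missing field, or a non-string one (e.g. deputyUsername[]=x arrives as an
    // array), is treated as empty so it is rejected by emptyInputLogin() below
    // instead of raising an undefined-index warning or a TypeError further down.
    $username = (isset($_POST["deputyUsername"]) && is_string($_POST["deputyUsername"])) ? $_POST["deputyUsername"] : "";
    $pwd = (isset($_POST["deputyPWD"]) && is_string($_POST["deputyPWD"])) ? $_POST["deputyPWD"] : "";

    // NOTE(review): $conn is presumably defined by dbh.inc.php; that file is not shown here.
    require_once 'dbh.inc.php';
    require_once 'functions.inc.php';

    if (emptyInputLogin($username, $pwd) === true) {
        header("location:../index.php?error=emptyInput");
        exit();
    }

    // loginUser() redirects and exits on both success and failure.
    loginUser($conn, $username, $pwd);
} else {
    header("location:../index.php?error=none");
    exit();
}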
?>
FUNCTIONS.INC.PHP
<?php
/**
 * Reports whether any sign-up field is empty.
 *
 * Uses PHP's empty(), so "", "0", 0, null, false and [] all count as empty.
 *
 * @return bool true when at least one field is empty, false when all are filled.
 */
function emptyInputSignup($userRank, $userFirstName, $userLastName, $userID, $userUsername, $userPassword, $userPasswordRepeat, $userAgencyEmail){
    $fields = [
        $userRank,
        $userFirstName,
        $userLastName,
        $userID,
        $userUsername,
        $userPassword,
        $userPasswordRepeat,
        $userAgencyEmail,
    ];
    foreach ($fields as $value) {
        if (empty($value)) {
            return true;
        }
    }
    return false;
}
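/**
 * Reports whether a username contains anything other than ASCII letters and digits.
 *
 * The pattern is anchored with \A and \z rather than ^ and $: in PCRE, $ also
 * matches just before a trailing newline, so "name\n" would otherwise pass as valid.
 * An empty string still matches (the quantifier is *); emptiness is checked
 * separately by the emptyInput* helpers.
 *
 * @return bool true when the username is INVALID, false when it is acceptable.
 */
function invalidUsername ($userUsername){
    return preg_match('/\A[a-zA-Z0-9]*\z/', $userUsername) !== 1;
}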
/**
 * Reports whether an e-mail address fails PHP's FILTER_VALIDATE_EMAIL check.
 *
 * @return bool true when the address is INVALID, false when it passes validation.
 */
function invalidEmail($userAgencyEmail){
    $validated = filter_var($userAgencyEmail, FILTER_VALIDATE_EMAIL);
    return !$validated;
}
/**
 * Compares the password with its repeated entry using strict comparison.
 *
 * Despite the name, the return value signals a MISMATCH.
 *
 * @return bool true when the two values differ, false when they are identical.
 */
function pwdMatch($userPassword, $userPasswordRepeat){
    return $userPassword !== $userPasswordRepeat;
}
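/**
 * Looks up a user whose username OR e-mail equals the given value.
 *
 * Redirects to the sign-up page with error=stmtfailed and exits if the
 * statement cannot be prepared.
 *
 * @param mysqli $conn         Open database connection.
 * @param string $userUsername Value matched against usersUsername and usersEmail.
 * @return array|false The matching row as an associative array (it includes the
 *                     stored password hash, since the query selects *), or false
 *                     when no row matches.
 */
function usernameExists($conn, $userUsername){
    $sql = "SELECT * FROM users WHERE usersUsername = ? OR usersEmail = ?;";
    $stmt = mysqli_stmt_init($conn);
    if (!mysqli_stmt_prepare($stmt, $sql)) {
        header("location:../php/signup.php?error=stmtfailed");
        exit();
    }

    // The query has two placeholders, so two values must be bound. Binding a
    // single "s" made the bind fail and the lookup never returned a row.
    mysqli_stmt_bind_param($stmt, "ss", $userUsername, $userUsername);
    mysqli_stmt_execute($stmt);
    $resultData = mysqli_stmt_get_result($stmt);

    $row = ($resultData !== false) ? mysqli_fetch_assoc($resultData) : null;

    // Close before returning; the original close call sat after both returns
    // and was never reached.
    mysqli_stmt_close($stmt);

    return $row ? $row : false;
}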
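/**
 * Inserts a new user row and redirects back to the sign-up page.
 *
 * The password is stored only as a password_hash() digest. The function always
 * ends the request: error=stmtfailed when the statement cannot be prepared or
 * executed, error=none on success.
 *
 * @param mysqli $conn Open database connection.
 */
function registerUser($conn, $userRank, $userFirstName, $userLastName, $userID, $userUsername, $userPassword, $userAgencyEmail){
    $sql = "INSERT INTO users (usersRank, usersFirstName, usersLastName, usersID, usersUsername, usersPassword, usersEmail) VALUES (?, ?, ?, ?, ?, ?, ?);";
    $stmt = mysqli_stmt_init($conn);
    if (!mysqli_stmt_prepare($stmt, $sql)) {
        header("location:../php/signup.php?error=stmtfailed");
        exit();
    }

    $hashedUserPassword = password_hash($userPassword, PASSWORD_DEFAULT);
    mysqli_stmt_bind_param($stmt, "sssssss", $userRank, $userFirstName, $userLastName, $userID, $userUsername, $hashedUserPassword, $userAgencyEmail);

    // Report a failed insert instead of redirecting with error=none as if the
    // account had been created.
    $inserted = mysqli_stmt_execute($stmt);
    mysqli_stmt_close($stmt);
    if ($inserted !== true) {
        header("location:../php/signup.php?error=stmtfailed");
        exit();
    }

    header("location:../php/signup.php?error=none");
    exit();
}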
/**
 * Reports whether the login username or password is empty.
 *
 * Uses PHP's empty(), so the string "0" is also treated as empty.
 *
 * @return bool true when either value is empty, false when both are filled.
 */
function emptyInputLogin($userUsername, $userPassword){
    if (empty($userUsername)) {
        return true;
    }
    return empty($userPassword);
}
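/**
 * Verifies the submitted credentials and, on success, fills the session.
 *
 * Always ends the request with a redirect to ../index.php: error=wronglogin on
 * any credential failure, error=none after a successful login.
 *
 * @param mysqli $conn         Open database connection.
 * @param string $userUsername Username or e-mail as typed by the user.
 * @param string $userPassword Plain-text password as typed by the user.
 */
function loginUser($conn, $userUsername, $userPassword){
    $usernameExists = usernameExists($conn, $userUsername);

    // An unknown account and a wrong password produce the same error code, so the
    // response does not tell a visitor which usernames are registered. The login
    // form already renders "wronglogin" as "Incorrect login credentials."
    // NOTE(review): the unknown-account path still skips password_verify(), so
    // response time can differ between the two cases.
    if ($usernameExists === false
        || password_verify($userPassword, $usernameExists["usersPassword"]) !== true) {
        header("location:../index.php?error=wronglogin");
        exit();
    }

    if (session_status() !== PHP_SESSION_ACTIVE) {
        session_start();
    }
    // Issue a fresh session id at the privilege change so an id that was set
    // before login (session fixation) is not carried into the authenticated session.
    session_regenerate_id(true);

    $_SESSION["rank"] = $usernameExists["usersRank"];
    $_SESSION["firstName"] = $usernameExists["usersFirstName"];
    $_SESSION["lastName"] = $usernameExists["usersLastName"];
    $_SESSION["payroll"] = $usernameExists["usersID"];
    // The original assigned $_SESSION["ID"] twice (first from an "id" column, then
    // from the username); only the second value survived, so that one is kept.
    // TODO(review): confirm whether "ID" was meant to hold the row id instead.
    $_SESSION["ID"] = $usernameExists["usersUsername"];
    $_SESSION["email"] = $usernameExists["usersEmail"];

    header("location:../index.php?error=none");
    exit();
}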
?>
LOGIN FORM:
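<!-- Login form: posts deputyUsername, deputyPWD and loginToSite to includes/login.inc.php. -->
<form action="includes/login.inc.php" method="post">
<table>
<tr name="employee">
<!-- Closing tags are written in reverse order of opening (<b><font> ... </font></b>). -->
<td><b><font color="white">Username:<br><br><input type="text" id="deputyRank" name="deputyUsername" autocomplete="username"></font></b><br></td>
<td><b><font color="white">Password:<br><br><input id="resizePWD" type="password" name="deputyPWD" autocomplete="current-password"></font></b><br></td>
<td><br><br><input type="submit" value="Login" id="LoginToSite" name="loginToSite"></td>
</tr>
</table>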
<?php
// Map the ?error= code set by login.inc.php to a fixed message. Only these
// hard-coded strings are echoed; the query-string value itself is never printed.
$loginError = $_GET["error"] ?? null;
switch ($loginError) {
    case "emptyInput":
        echo "<p><font color='white'>Please fill out all fields.</font></p>";
        break;
    case "wronglogin":
        echo "<p><font color='white'>Incorrect login credentials.</font></p>";
        break;
    case "incorrectUsername":
        echo "<p><font color='white'>Incorrect username.</font></p>";
        break;
    case "incorrectPassword":
        echo "<p><font color='white'>Incorrect password.</font></p>";
        break;
}
?>
</form>