-
Notifications
You must be signed in to change notification settings - Fork 0
/
log.php
43 lines (36 loc) · 1.33 KB
/
log.php
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
<?php
$servername = "localhost";
$username = "root";
$password = "root";
$dbname = "currency";
// Create connection
$conn = mysqli_connect($servername, $username, $password, $dbname);
// Check connection
if ($conn->connect_error) {
die("Connection failed: " . $conn->connect_error);
}
// Get values from form
$name = $_POST["name"];
$pass = $_POST["pass"];
// Prepare SQL statement using prepared statements to prevent SQL injection
$stmt = $conn->prepare("SELECT pass FROM signup WHERE username = ?");
$stmt->bind_param("s", $name); // 's' specifies the variable type => 'string'
$stmt->execute();
$result = $stmt->get_result();
if ($result->num_rows > 0) {
// Fetch the hashed password from the database
$row = $result->fetch_assoc();
$hashedPass = $row['pass'];
// Verify the password against the hashed password
if (password_verify($pass, $hashedPass)) {
echo "<script>alert('Login successful!'); window.location.href='your_form_file.html';</script>";
} else {
echo "<script>alert('Login failed: Incorrect password.'); window.location.href='panel.html';</script>";
}
} else {
echo "<script>alert('Login failed: User not found.'); window.location.href='signin.html';</script>";
}
// Close the statement and connection
$stmt->close();
$conn->close();
?>