52 lines
1.5 KiB
PHP
52 lines
1.5 KiB
PHP
<?php
|
|
include 'db_connection.php';
|
|
session_start();
|
|
|
|
if (isset($_SESSION['username'])) {
|
|
header("Location: index.php"); // Redirect to a logged-in page
|
|
exit();
|
|
}
|
|
|
|
if ($_SERVER["REQUEST_METHOD"] == "POST") {
|
|
$username = sanitize_input($_POST['username']);
|
|
$password = sanitize_input($_POST['password']);
|
|
|
|
$sql = "SELECT id, username, password FROM User WHERE username='$username'";
|
|
$result = $conn->query($sql);
|
|
|
|
if ($result->num_rows == 1) {
|
|
$row = $result->fetch_assoc();
|
|
if (password_verify($password, $row['password'])) {
|
|
$_SESSION['username'] = $row['username'];
|
|
$_SESSION['user_id'] = $row['id'];
|
|
header("Location: index.php"); // Redirect after successful login
|
|
exit();
|
|
} else {
|
|
$login_error = "Invalid username or password.";
|
|
}
|
|
} else {
|
|
$login_error = "Invalid username or password.";
|
|
}
|
|
}
|
|
|
|
$conn->close();
|
|
?>
|
|
|
|
<!DOCTYPE html>
|
|
<html>
|
|
<head>
|
|
<title>Login</title>
|
|
</head>
|
|
<body>
|
|
<h2>Login</h2>
|
|
<?php if (isset($login_error)): ?>
|
|
<p style="color:red;"><?php echo $login_error; ?></p>
|
|
<?php endif; ?>
|
|
<form method="post" action="<?php echo htmlspecialchars($_SERVER["PHP_SELF"]); ?>">
|
|
Username: <input type="text" name="username" required><br><br>
|
|
Password: <input type="password" name="password" required><br><br>
|
|
<input type="submit" value="Login">
|
|
</form>
|
|
<p>Don't have an account? <a href="register.php">Register here</a></p>
|
|
</body>
|
|
</html>
|