<?php
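// Start (or resume) the session. The "@" suppression was dropped so that a
// failure to start the session (headers already sent, unwritable save path)
// shows up in the error log instead of silently producing a login that never sticks.
if (session_status() !== PHP_SESSION_ACTIVE) {
    session_start();
}
// Database connection file; the code below uses the $conn handle, which is
// presumably defined there (verify against _db.php).
require_once("../_db.php");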
// Validate user input
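/**
 * Check that both login fields were supplied as non-empty strings.
 *
 * @param mixed $email    Raw value of the email form field.
 * @param mixed $password Raw value of the password form field.
 * @return string[] Error messages; an empty array when both fields are usable.
 */
function validateInput($email, $password) {
    $errors = [];
    // Strict checks instead of empty(): empty('0') is true, so a password of
    // "0" was rejected, while a non-empty array (a field posted as email[]=x)
    // passed validation and reached bind_param()/password_verify() as a non-string.
    if (!is_string($email) || !is_string($password) || $email === '' || $password === '') {
        $errors[] = 'Enter all fields';
    }
    return $errors;
}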
// Check if the form is submitted
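// Redirect back to the sign-in form with a URL-encoded message and stop.
// NOTE(review): signin.php is not shown here; it has to HTML-escape `message`
// when rendering it, because the query string can be crafted by anyone.
$fail = function ($message) {
    header('Location: ../signin.php?status=error&message=' . rawurlencode($message));
    exit();
};

if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    // Missing or non-string fields (e.g. password[]=x) are treated as empty so
    // they are rejected by validation instead of reaching password_verify().
    $email = (isset($_POST['email']) && is_string($_POST['email'])) ? $_POST['email'] : '';
    $password = (isset($_POST['password']) && is_string($_POST['password'])) ? $_POST['password'] : '';

    // Validate user input
    $errors = validateInput($email, $password);
    if (!empty($errors)) {
        $fail(implode(' ', $errors));
    }

    // Look the account up with a parameterized query.
    $loginQuery = "SELECT email, password, userid, full_name, status FROM user_login WHERE email = ?";
    $loginStmt = $conn->prepare($loginQuery);
    if (!$loginStmt) {
        // Database error text stays in the server log; it is no longer echoed
        // into the redirect URL where the client can read it.
        error_log('Login query prepare failed: ' . $conn->error);
        $fail('Unable to sign in, please try again later');
    }

    $loginStmt->bind_param("s", $email);
    $result = $loginStmt->execute() ? $loginStmt->get_result() : false;
    if ($result === false) {
        error_log('Login query failed: ' . $loginStmt->error);
        $loginStmt->close();
        $fail('Unable to sign in, please try again later');
    }

    $user = $result->fetch_assoc(); // null when no row matched
    $loginStmt->close();

    // One message for "unknown email" and "wrong password", so the response
    // does not reveal which addresses have accounts.
    // NOTE(review): the unknown-email path still skips password_verify() and
    // therefore answers faster; verifying against a fixed dummy hash would
    // level that out. No attempt throttling is visible in this file either;
    // confirm it exists elsewhere.
    if (!$user || !password_verify($password, (string) $user['password'])) {
        $fail('Incorrect email or password');
    }

    // NOTE(review): `status` is copied into the session but never checked here.
    // If it marks disabled or unverified accounts, enforce it before this
    // point; its meaning is not visible in this file.

    // Regenerate session ID to prevent session fixation attacks
    session_regenerate_id(true);

    // Store the authenticated user's details in the session
    $_SESSION['userid'] = $user['userid'];
    $_SESSION['email'] = $user['email'];
    $_SESSION['full_name'] = $user['full_name'];
    $_SESSION['status'] = $user['status'];

    // Log the event by user id only; dumping $_SESSION wrote the email and
    // full name (and anything else in the session) into the error log.
    error_log('User logged in: userid=' . $user['userid']);

    header('Location: ../dashboard.php');
    exit();
} else {
    $fail('Invalid request');
}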
?>