-
Notifications
You must be signed in to change notification settings - Fork 1
/
authenticate.php
40 lines (36 loc) · 1.24 KB
/
authenticate.php
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
<?php
session_start();
include_once 'php/config.php';
// Check if user is logged in
if(!isset($_POST['adminUser'], $_POST['adminPswd'])) {
// If the user isn't logged in, show this
die("Please fill both the username and password field!");
}
// Prepare SQL, preparing statement will prevent SQL injection
if($stmt = $link->prepare('SELECT id, password, stafflevel FROM staffaccounts WHERE username = ?')) {
// Bind parameters
$stmt->bind_param('s', $_POST['adminUser']);
$stmt->execute();
// Store result
$stmt->store_result();
if ($stmt->num_rows > 0) {
$stmt->bind_result($id, $password, $stafflevel);
$stmt->fetch();
// Account exists, now verify password
if(password_verify($_POST['adminPswd'], $password)) {
// Verified, user logged in
session_regenerate_id();
$_SESSION['loggedin'] = TRUE;
$_SESSION['name'] = $_POST['adminUser'];
$_SESSION['id'] = $id;
$_SESSION['stafflevel'] = $stafflevel;
header('Location: admin.php');
} else {
echo "Incorrect password!";
}
} else {
echo "Incorrect username!";
}
$stmt->close();
}
?>