<?php
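/*
 * User login process: looks the account up by e-mail, verifies the password,
 * and only then establishes the authenticated session.
 *
 * Expects $mysqli (an open mysqli connection) and an already started session
 * to be supplied by the including script; neither is created in this file.
 */

// Treat missing or non-string fields (e.g. email[]=x) as empty instead of
// handing arrays/null to the database layer or to password_verify().
$email = (isset($_POST['email']) && is_string($_POST['email'])) ? $_POST['email'] : '';
$password = (isset($_POST['password']) && is_string($_POST['password'])) ? $_POST['password'] : '';

$user = null;
$lookupFailed = false;

// Bind the e-mail as a parameter rather than escaping it into the SQL text,
// so the query does not depend on the connection charset being configured
// correctly for escape_string() to be safe.
$stmt = $mysqli->prepare("SELECT * FROM users WHERE email = ?");
if ($stmt === false) {
    $lookupFailed = true;
} else {
    $stmt->bind_param('s', $email);
    if ($stmt->execute()) {
        // get_result() needs the mysqlnd driver; it returns integer columns as
        // native ints, which is why the comparisons below cast explicitly.
        $result = $stmt->get_result();
        if ($result === false) {
            $lookupFailed = true;
        } else {
            $user = $result->fetch_assoc();
            $result->free();
        }
    } else {
        $lookupFailed = true;
    }
    $stmt->close();
}

if ($lookupFailed) {
    // A database failure must not be reported as a credential problem.
    $_SESSION['message'] = "Login is temporarily unavailable, please try again later.";
    $redirect = "error.php";
} elseif (!is_array($user)) { // User doesn't exist
    // NOTE(review): this message differs from the wrong-password one, so the
    // form discloses which e-mail addresses are registered. Consider a single
    // generic "invalid e-mail or password" message for both branches.
    $_SESSION['message'] = "User with that email doesn't exist!";
    $redirect = "error.php";
} elseif (!password_verify($password, (string) $user['password'])) {
    $_SESSION['message'] = "You have entered wrong password, try again!";
    $redirect = "error.php";
} elseif ((int) $user['active'] !== 1) {
    // Unverified accounts are rejected BEFORE any identity is written to the
    // session; previously logged_in was already true when this branch ran.
    // NOTE(review): if another page relied on $_SESSION['email'] being set
    // for unverified users, it needs a dedicated, non-authenticating key.
    $_SESSION['message'] = "Please verify your account before login to your account. Check your e-mail!";
    $redirect = "error.php";
} else {
    // Issue a fresh session id at the privilege change so an id planted
    // before login (session fixation) cannot be reused afterwards.
    if (session_status() === PHP_SESSION_ACTIVE) {
        session_regenerate_id(true);
    }

    $_SESSION['email'] = $user['email'];
    $_SESSION['first_name'] = $user['first_name'];
    $_SESSION['last_name'] = $user['last_name'];
    $_SESSION['active'] = $user['active'];
    $_SESSION['types'] = $user['types'];
    // NOTE(review): two_step is only copied into the session; no second
    // factor is checked in this file. Confirm the landing pages enforce it
    // before they trust logged_in.
    $_SESSION['two_step'] = $user['two_step'];
    $_SESSION['user_id'] = $user['id'];
    // This is how we'll know the user is logged in
    $_SESSION['logged_in'] = true;

    // types == 2 is routed to the student home page, everything else to the
    // employee home page.
    $redirect = ((int) $user['types'] === 2) ? "home_student.php" : "home_employee.php";
}

header("location: " . $redirect);
// header() does not stop execution; without exit the including script would
// keep running (and could render protected output) after the redirect.
exit;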