Advanced Search

Login & Start Session

/ Published in: PHP
Save to your folder(s)

Expand | Embed | Plain Text

Copy this code and paste it in your HTML 
  1. <?php
  2. // start session
  3. session_start();
  4. if (array_key_exists('username', $_SESSION)) {
  5.     // user already authenticated
  6.     header('location: index.php');
  7. }
  8.  
  9. if ($_POST) {
  10.  
  11.     if (array_key_exists('username', $_POST)) {
  12.         require_once('codes/dal.php');
  13.         $dal = new DataAccessLayer();
  14.  
  15.         $user =  trim($_POST['username']);
  16.         $pass = trim($_POST['password']);
  17.         $pass = bin2hex(md5($pass, TRUE ));
  18.  
  19.         // join the 'users' and 'roles' tables
  20.         $sql = 'select '
  21.              . 'u.id '
  22.              . ',u.username '
  23.              . ',u.password '
  24.              . ',u.role_id '
  25.              . ',r.name '
  26.              . ',u.full_name '
  27.              . ',u.email '
  28.              . ',u.description '
  29.              . 'from users as u '
  30.              . 'join roles as r on u.role_id = r.id '
  31.              . 'where u.username = \'' . $user . '\'';
  32.  
  33.         $result = $dal->query($sql);
  34.  
  35.         if ($result->num_rows > 0) {
  36.             $row = $result->fetch_assoc();
  37.             if ($pass == $row['password']) {
  38.                 // create session variables
  39.                 $_SESSION['user_id'] = $row['id'];
  40.                 $_SESSION['username'] = $row['username'];
  41.                 $_SESSION['full_name'] = $row['full_name'];
  42.                 $_SESSION['role_id'] = $row['role_id'];
  43.                 $_SESSION['role_name'] = $row['name'];
  44.                 $_SESSION['email'] = $row['email'];
  45.                 $_SESSION['password'] = $row['password'];
  46.  
  47.                 // check if password is default
  48.                 if($pass == bin2hex(md5('pass', TRUE ))) {
  49.                     $_SESSION['default'] = true;
  50.                     // login successful - but password needs to be changed
  51.                     header('location: users/change_password.php');
  52.                 } else {
  53.                     // login successful - redirect to home page
  54.                     header('location: index.php');
  55.                 }
  56.             } else {
  57.                 $err = '<tr><td colspan="2">'
  58.                      . '<div class="error-message">The username and/or password you entered is invalid.</div>'
  59.                      . '</td></tr>';    
  60.             }
  61.  
  62.         } else {
  63.             $err = '<tr><td colspan="2">'
  64.                  . '<div class="error-message">The username and/or password you entered is invalid.</div>'
  65.                  . '</td></tr>';
  66.         }
  67.     }
  68. }
  69. ?>

Report this snippet


Comments

RSS Icon Subscribe to comments

You need to login to post a comment.