|
|
|
<?php
|
|
|
|
// Initialize the session
|
|
|
|
session_start();
|
|
|
|
|
|
|
|
// Check if the user is already logged in, if yes then redirect him to welcome page
|
|
|
|
if(isset($_SESSION["loggedin"]) && $_SESSION["loggedin"] === true){
|
|
|
|
header("location: index.php");
|
|
|
|
exit;
|
|
|
|
}
|
|
|
|
|
|
|
|
// Include config file
|
|
|
|
require_once("model/db.php");
|
|
|
|
|
|
|
|
// Define variables and initialize with empty values
|
|
|
|
$username = $password = "";
|
|
|
|
$username_err = $password_err = $login_err = "";
|
|
|
|
if($_POST["name"] != null){
|
|
|
|
session_start();
|
|
|
|
$_SESSION["wrongCr"] = true;
|
|
|
|
header("location: index.php");
|
|
|
|
exit;
|
|
|
|
}
|
|
|
|
if(!empty(trim($_POST["password"]))){
|
|
|
|
session_start();
|
|
|
|
$_SESSION["wrongCr"] = true;
|
|
|
|
header("location: index.php");
|
|
|
|
exit;
|
|
|
|
}
|
|
|
|
|
|
|
|
// Processing form data when form is submitted
|
|
|
|
if($_SERVER["REQUEST_METHOD"] == "POST"){
|
|
|
|
|
|
|
|
// Check if username is empty
|
|
|
|
if(empty(trim($_POST["prihlasovaciJmeno"]))){
|
|
|
|
$username_err = "Please enter username.";
|
|
|
|
} else{
|
|
|
|
$username = trim($_POST["prihlasovaciJmeno"]);
|
|
|
|
}
|
|
|
|
// Check if password is empty
|
|
|
|
if(empty(trim($_POST["prihlasovaciHeslo"]))){
|
|
|
|
$password_err = "Please enter your password.";
|
|
|
|
session_start();
|
|
|
|
$_SESSION["wrongCr"] = true;
|
|
|
|
header("location: index.php");
|
|
|
|
} else{
|
|
|
|
$password = trim($_POST["prihlasovaciHeslo"]);
|
|
|
|
}
|
|
|
|
// Validate credentials
|
|
|
|
if(empty($username_err) && empty($password_err)){
|
|
|
|
// Prepare a select statement
|
|
|
|
$sql = "SELECT id, nick, password FROM user WHERE nick = :username";
|
|
|
|
if($stmt = $pdo->prepare($sql)){
|
|
|
|
// Bind variables to the prepared statement as parameters
|
|
|
|
$stmt->bindParam(":username", $param_username, PDO::PARAM_STR);
|
|
|
|
|
|
|
|
// Set parameters
|
|
|
|
$param_username = trim($_POST["prihlasovaciJmeno"]);
|
|
|
|
// Attempt to execute the prepared statement
|
|
|
|
if($stmt->execute()){
|
|
|
|
// Check if username exists, if yes then verify password
|
|
|
|
if($stmt->rowCount() == 1){
|
|
|
|
if($row = $stmt->fetch()){
|
|
|
|
$id = $row["id"];
|
|
|
|
$username = $row["nick"];
|
|
|
|
$hashed_password = $row["password"];
|
|
|
|
if(password_verify($password, $hashed_password)){
|
|
|
|
// Password is correct, so start a new session
|
|
|
|
session_start();
|
|
|
|
|
|
|
|
// Store data in session variables
|
|
|
|
$_SESSION["loggedin"] = true;
|
|
|
|
$_SESSION["id"] = $id;
|
|
|
|
$_SESSION["username"] = $username;
|
|
|
|
$_SESSION["wrongCr"] = false;
|
|
|
|
|
|
|
|
// Redirect user to welcome page
|
|
|
|
//header("location: welcome.php");
|
|
|
|
header("location: index.php");
|
|
|
|
} else{
|
|
|
|
// Password is not valid, display a generic error message
|
|
|
|
session_start();
|
|
|
|
$_SESSION["wrongCr"] = true;
|
|
|
|
header("location: index.php");
|
|
|
|
}
|
|
|
|
}
|
|
|
|
} else{
|
|
|
|
// Username doesn't exist, display a generic error message
|
|
|
|
session_start();
|
|
|
|
$_SESSION["wrongCr"] = true;
|
|
|
|
header("location: index.php");
|
|
|
|
}
|
|
|
|
} else{
|
|
|
|
session_start();
|
|
|
|
$_SESSION["wrongCr"] = true;
|
|
|
|
header("location: index.php");
|
|
|
|
}
|
|
|
|
|
|
|
|
// Close statement
|
|
|
|
unset($stmt);
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
// Close connection
|
|
|
|
unset($pdo);
|
|
|
|
}
|
|
|
|
?>
|