This repository was archived by the owner on Sep 4, 2024. It is now read-only.
-
Notifications
You must be signed in to change notification settings - Fork 0
Expand file tree
/
Copy pathauth.php
More file actions
47 lines (39 loc) · 1.21 KB
/
auth.php
File metadata and controls
47 lines (39 loc) · 1.21 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
<?php
session_start();
require_once 'config/dbconstants.php';
class Auth {
private $db;
function __construct() {
$this->db = new mysqli ( DB_HOST, DB_USER, DB_PASS, DB_NAME );
}
function authenticate( $user, $pass, $type ) {
$query = "SELECT user_id, user_password, user_type FROM user WHERE user_name = ?";
$statement = $this->db->prepare($query);
$statement->bind_param("s", $user);
$statement->bind_result( $userid, $userpass, $usertype );
$statement->execute();
$statement->store_result();
$statement->fetch();
if( $statement->num_rows != 1 ) {
$_SESSION['error'] = "Invalid Username and/or Password.";
header( "location:login.php?user="+$type );
} else {
if( $userpass != md5($pass) ) {
$_SESSION['error'] = "Invalid Username and/or Password.";
header( "location:login.php?user="+$type );
} else {
if( $type != $usertype ) {
$_SESSION['error'] = "Invalid Username and/or Password.";
header( "location:login.php?user="+$type );
} else {
$_SESSION['user'] = $userid;
$_SESSION['type'] = $type;
header( "location:users/" );
}
}
}
}
}
$auth = new Auth();
$auth->authenticate( $_POST['username'], $_POST['passwd'], $_POST['usertype'] );
?>