User Login (Sign in)

2023-01-11 13:38:01 +06:30 · 2023-01-11 13:38:01 +06:30 · 73d97f9f1d
commit 73d97f9f1d
parent 564166bb0a
4 changed files with 98 additions and 9 deletions
--- a/images/1673341320avatar15.jpg
+++ b/images/1673341320avatar15.jpg
--- a/signin-logic.php
+++ b/signin-logic.php
@ -0,0 +1,55 @@
+<?php
+require "config/database.php";
+
+session_start();
+
+if(isset($_POST['submit'])){
+    $username_email = filter_var($_POST['username_email'] , FILTER_SANITIZE_FULL_SPECIAL_CHARS);
+    $password = filter_var(($_POST['password']), FILTER_SANITIZE_FULL_SPECIAL_CHARS);
+    if(!$username_email){
+        $_SESSION['signin'] = 'Username or Email is Inccorrect';
+    }
+    elseif(!$password){
+        $_SESSION['signin'] = 'Password required';
+    }else{  
+        // fetch user from database
+        $fetch_user_query = "SELECT * FROM users WHERE username = '$username_email' OR email = '$username_email'";
+        $fetch_user_result = mysqli_query($connection, $fetch_user_query);
+        if(mysqli_num_rows($fetch_user_result) == 1){
+            //convert the record into assoc array
+            $user_record=mysqli_fetch_assoc($fetch_user_result);
+            $db_password = $user_record['password'];
+
+            // compare form password with database password
+            if(password_verify($password,$db_password)){
+                // set session for access control
+                $_SESSION['user-id'] = $user_record['id'];
+
+                //set session if user is  admin
+                if($user_record['is_admin']==1){
+                    $_SESSION['user_is_admin'] == true;
+                }
+                //log in user
+                header('location: ' . ROOT_URL . 'admin/');
+                
+            }else{
+                $_SESSION['signin'] = "Please check your input";
+            }
+        }else{
+            $a = mysqli_num_rows($fetch_user_result);
+            echo mysqli_num_rows($fetch_user_result);
+            $_SESSION['signin'] = "User Not found";
+        }
+    }
+
+    //if any problem, redirect back to signin page
+    if(isset($_SESSION['signin'])){
+        $_SESSION['signin-data'] = $_POST;
+        header('location: ' . ROOT_URL . 'signin.php');
+        die();
+    }
+
+}else{
+    header('location: ' . ROOT_URL . "signin.php");
+    die();
+}
--- a/signin.php
+++ b/signin.php
@ -1,3 +1,13 @@
+<?php
+session_start();
+include 'config/constants.php';
+
+$username_email = $_SESSION['signin-data']['username_email'] ??null ;
+$password = $_SESSION['signin-data']['password'] ??  null;
+
+unset($_SESSION['signin-data']);
+
+?>
 <!DOCTYPE html>
 <html lang="en">
 <head>
@ -18,15 +28,39 @@
 <section class="form__section">

    <div class="container form__section-container">
-        <h2>Sign In</h2>
-        <div class="alert__message success">
-            <p>This is an success message</p>
-        </div>
-        <form action="">
-            <input type="text" placeholder="Username or Email">
-            <input type="password" placeholder=" Password">
+        <h2>Sign In</h2> 

-            <button type="submit" class="btn">Sign in</button>
+        
+        <?php if(isset($_SESSION['signin-success'])): ?>
+        
+        <div class="alert__message success">
+            <p>
+                <?=$_SESSION['signin-success'];
+                unset($_SESSION['signin-success']); 
+                ?>
+            </p>
+        </div>
+
+        
+        <?php elseif(isset($_SESSION['signin'])): ?>
+        
+        <div class="alert__message error">
+            <p>
+                <?=$_SESSION['signin'];
+                unset($_SESSION['signin']); 
+                ?>
+            </p>
+        </div>
+
+        <?php endif ?>
+
+
+
+        <form action="<?= ROOT_URL ?>signin-logic.php" method="POST">
+            <input type="text"     name="username_email"  value = '<?= $username_email ?>' placeholder="Username or Email">
+            <input type="password" name="password"        value = '<?= $password ?>' placeholder=" Password">
+
+            <button type="submit" class="btn"  name ="submit"   >Sign in</button>
            <small>Don't have an account? <a href="signup.php">Sign up</a></small>
        </form>
    </div>
--- a/signup.php
+++ b/signup.php
@ -51,7 +51,7 @@ unset($_SESSION['signup-data']);
        <form action="<?=ROOT_URL?>signup-logic.php" enctype="multipart/form-data" method="POST">
            <input type="text"     name ="firstname"       value ="<?= $firstname?>"  placeholder="First Name">
            <input type="text"     name ="lastname"        value ="<?= $lastname?>"  placeholder="Last Name">
-            <input type="text"     name ="username"        value ="<?= $username      ?>"  placeholder="Username">
+            <input type="username"     name ="username"        value ="<?= $username      ?>"  placeholder="Username">
            <input type="email"    name ="email"           value ="<?= $email          ?>"  placeholder="email">
            <input type="password" name ="createpassword"  value ="<?= $createpassword ?>"  placeholder="Password">
            <input type="password" name ="confirmpassword" value ="<?= $confirmpassword?>"  placeholder="Confirm Password">