forked from systers/FirstAide-web
-
Notifications
You must be signed in to change notification settings - Fork 0
/
login.php
78 lines (72 loc) · 2.37 KB
/
login.php
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
<!--Created by Akanksha
Desc : Login form and also code for checking validating login credentials
-->
<!DOCTYPE html>
<html>
<head>
<title>FirstAide</title>
<link rel="stylesheet" type="text/css" href="css files/loginAndRegistration.css">
<link rel="stylesheet" href="css files/sweetalert.css">
<form method="POST"/>
</head>
<body>
<center>
<div>
<h1 class="text">First Aide</h1>
<hr id="line">
<h2 class="text">A Confidentiality Safety Resource for Peace Corps Volunteers</h2>
</div>
<!--form for login-->
<div class="div">
<table class="tables">
<tr>
<th class="text">Email:</th>
<td><input class="input-box" type="text" id="email" name="email" placeholder="Enter your email address" required/></td>
</tr>
<tr>
<th class="text">Password:</th>
<td><input class="input-box" type="password" id="password" name="password" placeholder="Enter your password" required/></td>
</tr>
</table>
</div>
<div class="div">
<input class="button" type="submit" id="submit" value="Sign in to Account">
<br><br>
<a href="registration.php">Create Account Here</a>
</div>
</center>
<script src="javascripts/sweetalert.min.js"></script>
<script src="javascripts/sweetalert.js"></script>
</body>
</html>
<?php
if(!isset($_SESSION))
session_start();
if(isset($_SESSION['email']))
{
header("location: welcome.php");
}
require 'dbconnect.php';
if (isset($_POST['email'])&&isset($_POST['password'])&&!empty($_POST['email'])&&!empty($_POST['password']))
{
//Prevent MYSQL Injection, added security
$email = mysqli_real_escape_string($connection, $_POST['email']);
$password = mysqli_real_escape_string($connection, $_POST['password']);
$email = stripslashes($email);
$password = stripslashes($password);
$password = md5($email.$password);
//Match given password with the saved one in db
$query = mysqli_query($connection,"CALL login('$password','$email')");
$rows = mysqli_num_rows($query);
if ($rows == 1) //password is correct
{
$_SESSION['email']=$email;
header("location: progressBar.php");
}
else
{
echo "<script type='text/javascript'>salert('Invalid email or password','Enter again','error');</script>";
}
mysqli_close($connection);
}
?>