<!DOCTYPE html>
<html >
<head>
<meta charset="UTF-8">
<title>User control panel</title>
<link rel="stylesheet" href="css/style.css">
</head>
<body>
<div class="login-page">
<div class="form">
<form class="login-form">
// here
<input type="text" placeholder="Username"/>
<input type="password" placeholder="Password"/>
<button><input type='submit' name="submit" value='Login' /> </button>
</form>
</div>
</div>
<script src='http://cdnjs.cloudflare.com/ajax/libs/jquery/2.1.3/jquery.min.js'></script>
<script src="js/index.js"></script>
</body>
</html>
<?php if(isset($_GET['invalid'])): ?>
<p>invalid</p>
<?php endif; ?>
Depends on how you display the page. To make it very simple you can pass a GET parameter to the URL like mywebsite.com/login.php?invalid and then display the section if that parameter is set. Obviously don't use this method for things that only admins are able to see because users can guess these parameters. Use sessions for those things.
PHP код:
|
if($submit) //if he press submit button
{
if($username && $password) //if he type both of username and password not just one of them
{
$query = mysql_query("SELECT Username, Password FROM accounts WHERE Username = '$username'"); //selecting user name and password, change it to your field names, chage users to your table name, $username means username that he type...
if(mysql_num_rows($query) == 1) //if user exists
{
while($row = mysql_fetch_assoc($query)) //loop thought table that we select in mysql_query
{
$dbusername = $row['Username']; //setting dbusername as variable from table, change 'username' to your field!
$dbpassword = $row['Password']; //setting dbpassword as variable from table, change 'password' to your field!
}
$dec = hash('whirlpool', '$password');
$dec = strtoupper($dec);
if($username == $dbusername && $dec == $dbpassword) //if username is same as one from table and if password is the same as one from table...
{
$_SESSION['username'] = $dbusername; //setting session username to one from table, this is useful if you login, that restart your browser and than you go in url where is your profile.php... Anyway this is useful :D
echo header('location: profile.php'); //redirecting user to his profile page (profile.php)
}
else header('login.php?invalid'); //else if user type wrong password he will get this...
}
else header('login.php?invalid'); //if username doesn't exist in table user will get this
}
else header('login.php?invalid'); //else if user doesn't type all fields he will get this...
}
header("location: login.php?invalid");
Thanks, by the way, why not samp's whirlpool matches php's whirlpool hashes?
|
samp makes the hash upper case, php makes them lower, use strtoupper(); on the hash.
|