<?php header("Access-Control-Allow-Origin: *"); // (A) USER & PASSWORD SHOULD BE KEPT SAFELY IN A DATABASE... $user = [ "name" => "john", "email" => "john@doe.com", "password" => "12345" ]; require_once "config.php"; if($_SERVER["REQUEST_METHOD"] == "POST"){ $username=trim($_POST["username"]); // Prepare a select statement $sql = "SELECT id FROM users WHERE username = ?"; if($stmt = mysqli_prepare($link, $sql)){ // Bind variables to the prepared statement as parameters mysqli_stmt_bind_param($stmt, "s", $param_username); // Set parameters $param_username = $username; // Attempt to execute the prepared statement if(mysqli_stmt_execute($stmt)){ /* store result */ mysqli_stmt_store_result($stmt); if(mysqli_stmt_num_rows($stmt) == 1){ $found= "found"; } else{ $found="not found"; echo "User Not Found"; mysqli_stmt_close($stmt); exit; } } else{ echo "Oops! Something went wrong. Please try again later."; } // Close statement mysqli_stmt_close($stmt); } } // (B) CHECK USER & PASSWORD //$pass = $_POST['password']; if ($pass) { $pass = $_POST['password'] == $user['password']; } // Validate password if(empty(trim($_POST["password"]))){ $password_err = "Please enter a password."; } elseif(strlen(trim($_POST["password"])) < 2){ $password_err = "Password must have atleast 2 characters."; } else{ $password = trim($_POST["password"]); } // Prepare a select statement $sql = "SELECT * FROM users WHERE username = ? and password=? limit 1"; if($stmt = mysqli_prepare($link, $sql)){ // Bind variables to the prepared statement as parameters mysqli_stmt_bind_param($stmt, "ss", $param_username, $param_password); // Set parameters $param_username = $username; $param_password = $password; // $param_password = password_hash($password, PASSWORD_DEFAULT); // Creates a password hash // Attempt to execute the prepared statement if(mysqli_stmt_execute($stmt)){ /* store result */ $result = mysqli_stmt_get_result($stmt); while ($row = mysqli_fetch_array($result)) { // echo $row['id']; $id=$row['id']; $guser=$row['guser']; } session_start(); // Store data in session variables $_SESSION["loggedin"] = true; $_SESSION["id"] = $id; $_SESSION["uid"] = $id; $_SESSION["username"] = $username; $_SESSION["guser"] = $guser; //echo $id; // var_dump($result); //exit; // mysqli_stmt_store_result($stmt); // if(mysqli_stmt_num_rows($stmt) == 1){ //if(mysqli_num_rows($result) > 0) // } else{ if(mysqli_num_rows($result) > 0) { $found= "found"; $pass="pass"; } else { session_start(); // Store data in session variables $_SESSION["loggedin"] = false; $_SESSION["id"] = ""; $_SESSION["uid"] = ""; $_SESSION["username"] = ""; $_SESSION["guser"] = ""; $pass="no"; $found="not found"; } mysqli_stmt_close($stmt); } //exit; //exit; // } // } else{ // echo "Oops! Something went wrong. Please try again later."; // } // Close statement mysqli_stmt_close($stmt); } // (C) START SESSION IF VALID USER if ($pass) { session_start(); $_SESSION['user'] = [ "name" => $user['name'], "email" => $user['email'] ]; } // (D) RESPOND TO AJAX echo $pass=="pass" ? "OK" : "Wrong password"; /* (E) PROTECT ALL YOUR PAGES * session_start(); * if (!is_array(user)) { header("location: http://site.com/login.html"); } */ /* (F) TO LOGOFF * unset($_SESSION['user']); */

Edit file:danny.php4952