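<?php
// Login handler: checks the posted credentials against yiluan_w10_users and,
// on success, stores the username in the session and redirects to index.php.
// Failed logins redirect back to login.php with an errCode
// (1 = missing field, 2 = unknown user or wrong password).
session_start();
require_once('conn.php');
require_once('utils.php');

// Request parameters can arrive as arrays (e.g. username[]=x). Only non-empty
// strings are accepted, so password_verify() below never receives an array,
// and a value such as "0" is not mistaken for a missing field as empty() would.
$username = $_POST['username'] ?? '';
$password = $_POST['password'] ?? '';
if (!is_string($username) || !is_string($password) || $username === '' || $password === '') {
    header("Location: login.php?errCode=1");
    die('資料不全,請重新輸入');
}

// Prepared statement: the username is bound as a parameter and never
// concatenated into the SQL text.
$sql = "SELECT * FROM yiluan_w10_users WHERE username=?";
$stmt = $conn->prepare($sql); // $conn is provided by conn.php (presumably a mysqli connection)
$result = false;
if ($stmt !== false && $stmt->bind_param('s', $username) && $stmt->execute()) {
    $result = $stmt->get_result();
}
if ($result === false) {
    // Keep the database error in the server log. Echoing it to the client
    // would disclose schema and driver details to anyone who can trigger it.
    error_log('handle_login.php: user lookup failed: ' . $conn->error);
    http_response_code(500);
    exit('Internal Server Error');
}

// Unknown user and wrong password share errCode=2 so the response does not
// reveal which usernames exist.
$row = $result->num_rows === 0 ? null : $result->fetch_assoc();
if (!is_array($row) || !password_verify($password, $row['password'])) {
    header("Location: login.php?errCode=2");
    exit();
}

// Login succeeded. Issue a fresh session ID before marking the session as
// authenticated, so an ID that was set before login (session fixation) does
// not become a logged-in session.
session_regenerate_id(true);
// Store the username as recorded in the database row; the posted value may
// differ from it (e.g. in letter case under a case-insensitive collation).
$_SESSION['username'] = $row['username'];
header("Location: index.php");
exit();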