<?php
if (isset($_POST['submit'])) {
$username = $_POST['username'];
$password = $_POST['password'];
// processing remember me option and setting cookie with long expiry date
if (isset($_POST['remember'])) {
session_set_cookie_params('604800'); //one week (value in seconds)
session_regenerate_id(true);
}
$mysqli = new mysqli(DB_HOST, DB_USER, DB_PASS, DB_NAME);
# check connection
if ($mysqli->connect_errno) {
echo "MySQL error no {$mysqli->connect_errno} : {$mysqli->connect_error}";
exit();
}
$sql = "SELECT * from users WHERE username LIKE '{$username}' AND password LIKE '{$password}' LIMIT 1";
$result = $mysqli->query($sql);
if ($result->num_rows != 1) {
echo "Error: Invalid username/password combination";
}
else {
$user = $result->fetch_array();
$_SESSION['user_id'] = $user['id'];
$_SESSION['username'] = $user['username'];
$timestamp = time();
$sql = "UPDATE users SET status={$timestamp} WHERE id={$_SESSION['user_id']}";
$result = $mysqli->query($sql);
redirect_to("index.php?id={$_SESSION['user_id']}");
}
}
if (isset($_GET['msg'])) {
echo "" . $_GET['msg'] . "";
}
if (logged_in() == true) {
echo "You have Logged in successfully. Click here to go to the main page";
}
else {
echo "Oh! No account? Register here!";
}
?>
