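prepare("SELECT COUNT(*) FROM login WHERE username = :username and pword = :password");
// Login handler: counts the rows in `login` that match the submitted credentials. On a match it
// marks the session as logged in and redirects to /messages.php; otherwise it stores a message
// in $_SESSION['loginError'].
// NOTE(review): the start of this script is outside this excerpt (the expression that ends in
// prepare(...), the try block and the two if conditions that are closed further down).

// Bind the credentials as parameters instead of concatenating $_POST into the SQL text, so
// request data cannot change the structure of the query.
// NOTE(review): connection options (PDO::ATTR_EMULATE_PREPARES, DSN charset) are set outside
// this excerpt - confirm them.
$db_statement->bindValue(':username', $_POST["login_username"], PDO::PARAM_STR);
$db_statement->bindValue(':password', $_POST["login_password"], PDO::PARAM_STR);
$db_statement->execute();
$db_statement->setFetchMode(PDO::FETCH_ASSOC);
$db_returned = $db_statement->fetchAll();
$matchingUsers = isset($db_returned[0]['COUNT(*)']) ? (int) $db_returned[0]['COUNT(*)'] : 0;

// NOTE(review): the query compares `pword` with the submitted password directly, which suggests
// passwords are stored unhashed (or hashed before this point) - confirm. The usual design selects
// the stored hash by username and checks it with password_verify().
if($matchingUsers > 0){
    // Issue a fresh session id at the privilege change so an id set before login is not reused.
    if(session_status() === PHP_SESSION_ACTIVE){
        session_regenerate_id(true);
    }

    // User has been authenticated; set user as logged in
    $_SESSION['loggedInUser'] = $_POST['login_username'];
    unset($_SESSION['loginError']);

    // Move onto landing page. header() only queues the redirect, so stop here; otherwise the
    // rest of the page would still be executed and sent.
    header('Location: /messages.php');
    exit;
}else{
    // No matching users found, send user an error message. The same text is used for an unknown
    // username and a wrong password, so the response does not reveal which one failed.
    $_SESSION['loginError'] = 'Invalid Username or Password';
}
// Closes an if opened before this excerpt; judging by the message, its condition validates the
// characters of the submitted fields.
}else{
    $_SESSION["loginError"] = "Invalid characters found, please try again";
}
// Closes an if opened before this excerpt; judging by the comment below, its condition checks
// that both fields were submitted.
}else{
    // If user submitted login form without actually filling it out completely, send user an error message
    if(!empty($_POST)){
        $_SESSION["loginError"] = "Username and Password are required, please try again";
    }
}
// Closes the try block opened before this excerpt.
}catch(PDOException $e){
    // Keep driver details in the server log; sending them to the client discloses query and
    // schema information.
    error_log("Login PDOException: ".$e->getMessage());
    echo "An internal error occurred, please try again later.";
}catch(Exception $e){
    error_log("Login Exception: ".$e->getMessage());
    echo "An internal error occurred, please try again later.";
}
?>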