WMU-CS4430-Project/var/www/login.php

<?php
    require 'common.php';

    try{
        if($_POST['login_username'] != '' && $_POST['login_password'] != ''){
            if(ctype_alnum($_POST['login_username']) && ctype_alnum($_POST['login_password'])){
                unset($_SESSION['loggedInUser']);
                $db_statement = $db_connection->prepare("SELECT COUNT(*) FROM login WHERE username = '".$_POST["login_username"]."' and pword = '".$_POST["login_password"]."'");
                $db_statement->execute();
                $db_statement->setFetchMode(PDO::FETCH_ASSOC);
                $db_returned = $db_statement->fetchAll();
                $matchingUsers = $db_returned[0]['COUNT(*)'];
                if($matchingUsers > 0){
                    // User has been authenticated; set user as logged in
                    $_SESSION['loggedInUser'] = $_POST['login_username'];
                    unset($_SESSION['loginError']);
                    // Move onto landing page
                    header('Location: /messagesInbox.php');
                }else{
                    // No matching users found, send user an error message
                    $_SESSION['loginError'] = 'Invalid Username or Password';
                }
            }else{$_SESSION["loginError"] = "Invalid characters found, please try again";}
        }else{
            // If user submitted login form wihout actually filling it out completely, send user an error message
            if(!empty($_POST)){
                $_SESSION["loginError"] = "Username and Password are required, please try again";
            }
        }
    }catch(PDOException $e){
        echo "PDOException: ".$e->getMessage();
    }catch(Exception $e){
        echo "Exception: ".$e->getMessage();
    }
?>

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
    <head>
        <title>friendbook Login</title>
        <meta http-equiv="content-type" content="text/html; charset=utf-8"/>
        <link rel="stylesheet" type="text/css" href="styling.css">
    </head>
    <body>
        <!--#include virtual="header.html" -->
        <div class="message">
            <p><?php if($_SESSION['loginError']!=""){ echo $_SESSION['loginError']; } ?></p>
        </div>
        <h2>Please Login</h2>
        <form action="" method="post">
            Username&colon; <input type="text" name="login_username" placeholder="Username"><br />
            Password&colon; <input type="password" name="login_password" placeholder="Password"><br />
            <br />
            <input type="submit" class="button">
            <a href="/signup.php" class="button">Signup</a>
        </form>
    </body>
</html>
<?php
    $db_connection = null;
?>