WMU-CS4430-Project/var/www/login.php

<?php
    session_start();
    require 'db_connection.php';

    try{
        if($_POST['login_username'] != '' && $_POST['login_password'] != ''){
            unset($_SESSION['loggedInUser']);
            $db_statement = $db_connection->prepare("SELECT COUNT(*) FROM login WHERE username = '".$_POST["login_username"]."' and pword = '".$_POST["login_password"]."'");
            $db_statement->execute();
            $db_statement->setFetchMode(PDO::FETCH_ASSOC);
            $db_returned = $db_statement->fetchAll();
            $matchingUsers = $db_returned[0]['COUNT(*)'];
            if($matchingUsers > 0){
                // User has been authenticated; set user as logged in
                $_SESSION['loggedInUser'] = $_POST['login_username'];
                unset($_SESSION['loginError']);
                // Move onto landing page
    //                        header('Location: /landingPage.html');
            }else{
                // No matching users found, send user error
                $_SESSION['loginError'] = 'Invalid Username or Password';
                // Return to login page
    //                        header("Location: /login.php");
            }
        }else{
            // Return to login page, as credentials were not captured
            $_SESSION["loginError"] = "Username and Password are required, please try again";
    //                    header("Location: /login.php");
        }
    }catch(PDOException $e){
        echo "PDOException: ".$e->getMessage();
    }catch(Exception $e){
        echo "Exception: ".$e->getMessage();
    }
?>

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
    <head>
        <title>FriendBook Login</title>
        <meta http-equiv="content-type" content="text/html; charset=utf-8"/>
    </head>
    <body>
        <style>
            body {
                background-color: #3B5998;
                color: white;
            }
        </style>
        <div class="message">
            <p><?php if($_SESSION['loginError']!=""){ echo $_SESSION['loginError']; } ?></p>
        </div>
        <h2><font color="white">Please Login</h2>
        <form action="" method="post">
            User&colon;
            <input type="text" name="login_username" placeholder="Username"><br />
            Password&colon;
            <input type="password" name="login_password" placeholder="Password"><br />
            <input type="submit">
        </form>
        <?php
            echo '<h3>$GLOBALS</h3>';
            echo '<pre>';
            print_r($GLOBALS);
            echo '</pre>';
        ?>
    </body>
</html>
<?php
    $db_connection = null;
?>