
@AdamZWinter
Created May 29, 2020 07:20
<!-- Login form: the two inputs are read by login() in the script below and
     sent to login.php with XMLHttpRequest; there is no <form> element, so
     nothing is submitted unless the button's onclick handler runs.
     NOTE(review): assumes the page and login.php are served over HTTPS, since
     the password travels in the request body - confirm. -->
<div id="formInputs">
<p>
<input type="text" name="email" id="email" style="width:67%;" placeholder="Email*"/>
<input type="password" name="password" id="password" style="width:67%;" placeholder="Password*"/>
</p>
<button id="reviewButton" onclick="login()" class="buttonLogin">Log In</button>
</div>
<!-- Empty and hidden until login() reveals it. Hiding an element in the
     browser is presentation only, not access control: content that must stay
     private has to be withheld by the server until it has verified the user. -->
<div id="for-logged-in-user-only" style="display:none;"></div>
<!-- Status and error messages from login() and failed() are written here. -->
<p id="result"></p>
<script>
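function login() {
  // Sends the email and password fields to login.php as a form-encoded POST
  // and updates the page from the JSON reply: {error: "..."} on failure or
  // {login: "success"} on success.
  //
  // The panel revealed on success is filled in by this script, so it is a UI
  // state only. Anything that must stay private has to be checked and served
  // by the server, not merely un-hidden in the browser.
  var resultEl = document.getElementById("result");
  var email = encodeURIComponent(document.getElementById("email").value);
  var password = encodeURIComponent(document.getElementById("password").value);
  var params = "email=" + email + "&password=" + password;
  var xhttp = new XMLHttpRequest();

  xhttp.onreadystatechange = function() {
    // States 1-3 are progress notifications, not failures; wait for DONE.
    if (xhttp.readyState !== 4) {
      return;
    }
    // Any non-200 final status (including 0 for a network error) is a failure.
    if (xhttp.status !== 200) {
      failed();
      return;
    }

    // An empty or malformed body must not throw out of the handler.
    var response;
    try {
      response = JSON.parse(xhttp.responseText);
    } catch (e) {
      response = null;
    }
    if (response === null || typeof response !== "object") {
      resultEl.textContent = 'Unexpected response from server.';
      return;
    }

    if (Object.prototype.hasOwnProperty.call(response, 'error')) {
      // textContent, not innerHTML: text from the response is shown as text
      // and is never parsed as markup.
      resultEl.textContent = response.error;
      return;
    }

    if (response.login == "success") {
      var panel = document.getElementById("for-logged-in-user-only");
      panel.style.display = "inline";
      panel.textContent = "Only a logged-in user will see this after logging in.";
      document.getElementById("formInputs").style.display = "none"; //hides the login form inputs
      resultEl.textContent = '';
    } else {
      resultEl.textContent = 'Login failed.';
    }
  };

  // Show the progress message before the request goes out, not after the
  // reply has already arrived.
  resultEl.textContent = 'Checking Credentials....';
  xhttp.open("POST", "login.php", true);
  xhttp.setRequestHeader("Content-type", "application/x-www-form-urlencoded");
  xhttp.send(params);
}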
function failed() {
  // Reports a connection failure in the #result paragraph.
  var resultNode = document.getElementById("result");
  resultNode.innerHTML = 'Failed connection.';
}
</script>
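<?php
//login.php
// Verifies an email/password pair POSTed by the login form and replies with a
// JSON object: "login" set to 'success' when the pair matches, otherwise an
// "error" string.
//
// NOTE(review): this script only reports whether the credentials matched. It
// does not start a session, so nothing here authorises later requests; any
// page or endpoint meant for logged-in users still needs its own server-side
// check (for example session_start() and session_regenerate_id(true) here,
// and a session check there). There is also no throttling of repeated
// attempts.
require('/path/to/database/conf.php');

// Sends the response object as JSON and ends the script.
function login_respond($obj)
{
    header('Content-Type: application/json');
    echo json_encode($obj);
    exit;
}

$datetime = date("U");
$obj = new stdClass();
$obj->login = FALSE; //initialized
$obj->email = '';
$obj->datetime = $datetime;
$obj->dateread = date("D M j G:i:s T Y");

// Read the two fields directly instead of overwriting $_POST through
// FILTER_SANITIZE_STRING. That filter is deprecated since PHP 8.1 and rewrites
// characters such as < and ", so a password containing them would no longer
// match a hash made from the original text. Requiring a string also rejects
// array-valued fields such as password[]=x.
// NOTE(review): if existing hashes were created from input that went through
// that filter, the affected accounts need a password reset - confirm against
// the registration code.
$password = (isset($_POST['password']) && is_string($_POST['password'])) ? $_POST['password'] : '';
$email = (isset($_POST['email']) && is_string($_POST['email'])) ? $_POST['email'] : '';

if ($password === '') {
    $obj->error = 'No password included.';
    login_respond($obj);
}
if ($email === '') {
    $obj->error = 'No email included.';
    login_respond($obj);
}
if (!filter_var($email, FILTER_VALIDATE_EMAIL)) {
    $obj->error = 'Invalid Email Address.';
    login_respond($obj);
}

// Make every mysqli failure (connect, prepare, execute) throw, so one catch
// block covers them all. The original re-tested mysqli_connect_errno() after
// the query, which says nothing about whether the query itself worked.
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);

$storedHash = null; // stays null unless exactly one row matches
$emaildb = '';
try {
    $db = new mysqli('localhost', $dbuser, $userpw, $database); //These values kept in your conf.php file

    // passwordHash holds a hash created by password_hash(). The remark lives
    // here rather than inside the SQL text, where "//" is not a comment.
    $stmt = $db->prepare('SELECT email, passwordHash FROM users WHERE email = ?');
    $stmt->bind_param('s', $email);
    $stmt->execute();
    $stmt->store_result();
    $stmt->bind_result($emaildb, $passworddb);
    if ($stmt->num_rows === 1 && $stmt->fetch()) {
        $storedHash = $passworddb;
    }
    $stmt->close();
    $db->close();
} catch (mysqli_sql_exception $e) {
    // Details go to the server log only; the client gets the generic message.
    error_log('login.php database error: ' . $e->getMessage());
    $obj->error = 'Error: Could not connect to database.';
    login_respond($obj);
}

// One reply for "unknown email" and "wrong password", so the endpoint does not
// reveal which addresses have accounts. The original sent no body at all for a
// wrong password, which the page's JSON.parse() cannot read.
// NOTE(review): response time still differs between the two cases, because
// password_verify() only runs when a row was found.
if (!is_string($storedHash) || !password_verify($password, $storedHash)) {
    $obj->error = 'No matching credentials found.';
    login_respond($obj);
}

// The stored hash stays in a local variable and is never copied onto $obj:
// the original returned it to the browser inside the success response.
$obj->login = 'success';
$obj->email = $emaildb;
login_respond($obj);
?>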