• User Attivo

    accesso utente

    salve non riesco a capire perchè se un utente non registrato prova a effettuare l'accesso da pagina bianca come posso risolvere? chiedo aiuto posto i codici

    <form method="post" 
    			action="app/http/auth.php">
                <div class="d-flex
    			justify-content-center
    			align-items-center
    			flex-column">
    			<h3 class="display-4 fs-1 
    			text-center">
    			</h3>   
    
    			</div>
    			<?php if (isset($_GET['error'])) { ?>
    			<div class="alert alert-warning" role="alert">
    			<?php echo htmlspecialchars($_GET['error']);?>
    			</div>
    			<?php } ?>
    										
    			<?php if (isset($_GET['success'])) { ?>
    			<div class="alert alert-success" role="alert">
    			<?php echo htmlspecialchars($_GET['success']);?>
    			</div>
    			<?php } ?>
    			<div class="mb-3">
    			<label class="form-label">
    			Nome utente</label>
    			<input type="text" 
    			class="form-login"
    			name="username">
    			</div>
    
    			<div class="mb-3">
    			<label class="form-label">
    			Password</label>
    			<input type="password" 
    			class="form-login"
    			name="password">
    			</div>
    									  
    			 <button type="submit" 
    			 class="btn btn-outline-secondary">
    			 Accedi</button>
    			 <a class="btn btn-outline-secondary" href="signup.php" role="button">Registrati</a>
    			 <hr>
    			 <br>
    			 <a class="btn btn-outline-secondary" href="recupero.php" role="button">Password dimenticata?</a>
    			 </form>  
    ----------------------------------------------
    
    <?php  
    session_start();
    
    # check if username & password  submitted
    if(isset($_POST['username']) &&
       isset($_POST['password'])){
    
       # database connection file
       include '../db.conn.php';
       
       # get data from POST request and store them in var
       $password = $_POST['password'];
       $username = $_POST['username'];
       
       $data = "username=".$username;
       
       #simple form Validation
       if(empty($username)){
          # error message
          $em = "inserisci il nome utente";
    
          # redirect to 'index.php' and passing error message
          header("Location: ../../index.php?error=$em&$data");
       }else if(empty($password)){
          # error message
          $em = "inserisci la password";
    
          # redirect to 'index.php' and passing error message
          header("Location: ../../index.php?error=$em&$data");
       }else {
          $sql  = "SELECT * FROM 
                   users WHERE username=?";
          $stmt = $conn->prepare($sql);
          $stmt->execute([$username]);
    
          # if the username is exist
          if($stmt->rowCount() === 1){
            # fetching user data
            $user = $stmt->fetch();
    		
            # if both username's are strictly equal
            if ($user['username'] === $username) {
               
               # verifying the encrypted password
              if (password_verify($password, $user['password'])) {
    			  
    
                # successfully logged in
                # creating the SESSION
                $_SESSION['username'] = $user['username'];
                $_SESSION['name'] = $user['name'];
                $_SESSION['user_id'] = $user['user_id'];
    
                # redirect to 'home.php'
                header("Location: ../../home.php");
    
              }else {
                # error message
                $em = "Nome utente o password errati";
    
                # redirect to 'index.php' and passing error message
                header("Location: ../../index.php?error=$em&$data");
              }
            }else {
              # error message
              $em = "Nome utente o password errati";
    
              # redirect to 'index.php' and passing error message
              header("Location: ../../index.php?error=$em&$data");
            }
          }
       }
    }else {
      header("Location: ../../index.php");
      exit;
    }
    
    
    
    
    

  • User Attivo

    Buongiorno sono riuscito a risolvere certo non è un gran che ma va bene e funziona 🙂 posto il codice

    <?php
        session_start();
        include('../db.conn.php');
        if (isset($_POST['username'])) {
            $username = $_POST['username'];
            $password = $_POST['password'];
            $query = $conn->prepare("SELECT * FROM users WHERE username=:username");
            $query->bindParam("username", $username, PDO::PARAM_STR);
            $query->execute();
            $result = $query->fetch(PDO::FETCH_ASSOC);
            if (!$result) {
               
    		$em = "Il nome utente non risulta registrato!";
        	header("Location: ../../index.php?error=$em");
    			
            } else {
                if (password_verify($password, $result['password'])) {
                    $_SESSION['user_id'] = $result['user_id'];
    				$_SESSION['username'] = $result['username'];
    				$_SESSION['name'] = $result['name'];
    				
    				header("Location: ../../home.php");
    				
                    echo '<p class="success">Accesso eseguito con successo!</p>';
                } else {
                    $em = "Nome utente o password errata!";
        	    header("Location: ../../index.php?error=$em");
                }
            }
        }
    ?>