PHP-Anmeldesystem
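<?php
// Login handler: looks the posted login up in the `users` table, verifies the
// password against the stored hash and, on success, fills the session and
// redirects to the admin or user page.
session_start();

// Both fields must be present and must be plain strings. A request such as
// pass[]=x would otherwise reach htmlentities() as an array and fail with an
// uncaught TypeError.
// NOTE(review): this redirect is relative ("index.html") while the ones below
// use "../../index.html" - confirm which target is intended.
if (!is_string($_POST['login'] ?? null) || !is_string($_POST['pass'] ?? null)) {
    header("Location: index.html");
    exit();
}

// NOTE(review): HTML-encoding belongs at output time, not in front of a
// database lookup or password_verify(). It is kept because the stored logins
// and hashes were presumably created from the same encoded values - confirm
// against the registration code before removing it, otherwise accounts whose
// login or password contains characters such as & or < stop matching.
$login = htmlentities($_POST['login'], ENT_HTML5, "UTF-8");
$pass = htmlentities($_POST['pass'], ENT_HTML5, "UTF-8");

require_once "../../includes/connect.php";

try {
    $db = new mysqli($host, $db_user, $db_pass, $db_name);
    if ($db->connect_errno !== 0) {
        throw new Exception("connection error");
    }

    // The login is bound as a parameter and never concatenated into the SQL text.
    $query = "SELECT * FROM users WHERE user = ?";
    $exec = $db->prepare($query);
    if (!$exec) {
        throw new mysqli_sql_exception("Query prepare error");
    }
    $exec->bind_param("s", $login);
    if (!$exec->execute()) {
        throw new mysqli_sql_exception("Query execute error");
    }
    $res = $exec->get_result();
    if (!$res) {
        throw new mysqli_sql_exception("Query result error");
    }
    $assoc = $res->fetch_assoc();

    // Unknown login and wrong password share one message and one redirect, so
    // the response text does not tell a caller which logins exist.
    // password_verify() is still skipped for an unknown login, so response
    // time can differ between the two cases; rate limiting on this endpoint
    // covers that residual signal.
    if (!is_array($assoc) || !password_verify($pass, $assoc['pass'])) {
        $_SESSION['error'] = "incorrect login or pass";
        header("Location: ../../index.html");
        exit();
    }

    // Issue a fresh session id at the privilege change so that an id set
    // before authentication (session fixation) is not carried into the
    // logged-in state.
    session_regenerate_id(true);

    // Drop the flags of any earlier login in this session; without this an
    // earlier 'admin' flag would survive a later login as a regular user.
    unset($_SESSION['admin'], $_SESSION['loged']);

    $_SESSION['name'] = $assoc['name'];
    $_SESSION['surname'] = $assoc['surname'];
    // The key spelling 'desription' is kept as is: other pages may read it.
    $_SESSION['desription'] = $assoc['opis'];
    $_SESSION['role'] = $assoc['role'];

    if ($assoc['isAdmin']) {
        $_SESSION['admin'] = true;
        header("Location: ../../AdminPanel.php");
    } else {
        $_SESSION['loged'] = true;
        header("Location: ../../User.php");
    }
    exit();
} catch (Exception $e) {
    // mysqli_sql_exception extends Exception, so this single handler covers
    // both. Only the class and message go to the server log: printing $e
    // sends the stack trace to the browser, and depending on PHP settings the
    // trace can include the arguments passed to new mysqli(), i.e. the
    // database credentials.
    error_log(get_class($e) . ": " . $e->getMessage());
    http_response_code(500);
    echo "Login is temporarily unavailable.";
}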
i have no idea