Responsive File Manager Authentication

In config/config.php file write below code on top of everything-

<?php
if (session_id() == '') session_start(); error_reporting(0);
if(isset($_GET['logout'])){
    session_destroy();
    header('Location: dialog.php');
    exit();
}

if(!isset($_SESSION['authorized'])){
    if(isset($_POST['submit'])){
          $db = 'yourdbname';
            $uname = 'username';
            $pass = 'yourpass';
      

        $db = new PDO("mysql:host=localhost;dbname=".$db, $uname,$pass);
        $stmt = $db->prepare("SELECT password FROM users WHERE email=?");// AND password=?
        $stmt->bindValue(1, $_POST['username'], PDO::PARAM_STR);
        // $stmt->bindValue(2, password_hash($_POST['password'],CRYPT_BLOWFISH ), PDO::PARAM_STR);
        $stmt->execute();
        $rows = $stmt->fetch(PDO::FETCH_ASSOC);
        if (version_compare(PHP_VERSION, '5.5.9') >= 0) {
        }else{
         //include this library https://github.com/ircmaxell/password_compat
            require_once 'passwordLib.php';   
        }
       
        //echo '<pre>';print_r($rows);exit;
        if( password_verify($_POST['password'],$rows['password']) ){
            $_SESSION['authorized'] = true;
            header('Location: dialog.php');
            exit();
        }
    }
?>
<form action='' method='post' autocomplete='off'>
<p>Email: <input type="text" name="username" value=""></p>
<p>Password: <input type="password" name="password" value=""></p>
<p><input type="submit" name="submit" value="Login"></p>   
</form>
<?php exit;}?>


and enclose all of rfm code in else part.

No comments: