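prepare('SELECT * FROM users WHERE user=?');
        // NOTE(review): this listing starts mid-statement. The receiver of the prepare() call
        // above, the enclosing login condition and the origin of $user, $pwd and $remember
        // are not visible here, so the login branch below is kept as it was and only annotated.
        $stmt->execute(array($user));
        if ($result = $stmt->fetch(PDO::FETCH_ASSOC)) {
            // password_verify() compares $pwd against the stored hash from the users row.
            if (password_verify($pwd, $result["password"])) {
                // The session key is the only secret in the pp_sid/pp_skey cookie pair, so the
                // session is only as strong as generate_skey() (defined elsewhere).
                // TODO confirm it draws from a CSPRNG such as random_bytes().
                $skey = generate_skey();
                $stmt = $conn->prepare("INSERT INTO sessions (skey, uid) VALUES (:skey, :uid)");
                $stmt->bindParam(':skey', $skey);
                $stmt->bindParam(':uid', $result["id"]);
                $stmt->execute();
                $sid = $conn->lastInsertId();
                $conn = null;

                // NOTE(review): both cookies are sent without the Secure, HttpOnly or SameSite
                // attributes. Unless page scripts must read them, set HttpOnly, and set Secure
                // once the site is HTTPS-only (setcookie() takes an options array since PHP 7.3).
                // NOTE(review): nothing visible here expires the sessions row, so a remembered
                // session stays valid for the full two years unless it is deleted elsewhere.
                if ($remember == 1) {
                    setcookie("pp_sid", $sid, time()+63072000); // Expires in 2 years
                    setcookie("pp_skey", $skey, time()+63072000); // Expires in 2 years
                } else {
                    setcookie("pp_sid", $sid); // Session cookie: expires when the browser closes
                    setcookie("pp_skey", $skey); // Session cookie: expires when the browser closes
                }
                header("Location: index.php");
                die();
            } else {
                // NOTE(review): "No!" (wrong password) and "Fail!" (unknown user) are different
                // responses, which tells a client whether a user name exists. Use one generic
                // failure message when these placeholders are replaced.
                echo "No!"; //TODO: Wrong password
            }
        } else {
            echo "Fail!"; //TODO: No user or SQL fail.
        }
        $conn = null;
    }

    // Registration: create a users row holding a password hash, never the plaintext.
    // $_POST["type"] is read without isset(); presumably the enclosing condition (outside this
    // listing) guarantees it is set - confirm.
    if ($_POST["type"]=="register" && isset($_POST["user"]) && isset($_POST["pwd"])) {
        //Get options
        $user = $_POST["user"];
        $pwd = $_POST["pwd"];

        //Does this user exist
        // Presumably config/config.php creates the PDO handle $conn - confirm.
        include "config/config.php";
        $stmt = $conn->prepare('SELECT * FROM users WHERE user=?');
        $stmt->execute(array($user));
        if ($stmt->fetch(PDO::FETCH_ASSOC) !== false) {
            echo "

User allready exists!

";
            $conn = null;
            die();
        }

        //Did the person enter a password
        // A request can submit pwd[] and make $_POST["pwd"] an array; treat anything that is not
        // a non-empty string as a missing password instead of passing it on to password_hash().
        if (!is_string($pwd) || $pwd === "") {
            echo "

You need a password to singup!

";
            $conn = null;
            die();
        }

        // Hash only after the checks above have passed, so no bcrypt work is spent on requests
        // that are going to be rejected. PASSWORD_BCRYPT replaces CRYPT_BLOWFISH here:
        // CRYPT_BLOWFISH is a crypt() capability flag, not a password_hash() algorithm
        // identifier, and it only produced bcrypt hashes because its integer value happens to
        // be accepted as the legacy bcrypt id. Existing hashes remain valid for password_verify().
        $hash = password_hash($pwd, PASSWORD_BCRYPT);

        //Register the user
        // NOTE(review): the existence check and this INSERT are separate statements; a UNIQUE
        // index on users.user is needed to rule out duplicate names from concurrent requests
        // (schema not visible here).
        $stmt = $conn->prepare("INSERT INTO users (user,password) VALUES (:user, :pwd)");
        $stmt->bindParam(':user', $user);
        $stmt->bindParam(':pwd', $hash);
        if ($stmt->execute()) {
            header("Location: login");
            // Stop after the redirect, as the login branch does, so nothing further is emitted.
            $conn = null;
            die();
        } else {
            echo "Fail!";
        }
        $conn = null;
    }
} else {
    // Branch taken when the enclosing condition (outside this listing) is false: print the
    // login page. The markup inside these strings is missing from this listing.
    echo '
Login
';
    echo '
';
    echo '
';
}
?>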