<?php
include("config.php");
session_start();
if($_SERVER["REQUEST_METHOD"] == "POST") {
$myusername = mysqli_real_escape_string($db,$_POST['username']);
$mypassword = mysqli_real_escape_string($db,$_POST['password']);
$sql = "SELECT id FROM login WHERE username = '$myusername' and passcode = '$mypassword'";
$result = mysqli_query($db,$sql);
//$row = mysqli_fetch_array($result,MYSQLI_ASSOC); //Produces an ASSOCIATIVE array
//$active = $row['active'];
$count = mysqli_num_rows($result);
if($count == 1) {
$_SESSION['login_user'] = $myusername;
header("location: welcome.php");
}else {
$error = "Your Login Name or Password is invalid";
}
}
?>
<html>
<head>
<title>Login Page</title>
<meta charset="utf-8">
<meta name="viewport" content="width=device-width, initial-scale=1">
<link rel="stylesheet" href="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/css/bootstrap.min.css">
<script src="https://ajax.googleapis.com/ajax/libs/jquery/3.2.1/jquery.min.js"></script>
<script src="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/js/bootstrap.min.js"></script>
<style>code {background-color:#D3D3D3;}</style>
</head>
<body>
<div class="container">
<h2>Login Form</h2>
<form action = "" method = "post">
<div class="form-group">
<label for="username">Username:</label>
<input class="form-control" placeholder="Enter Username" type = "text" name = "username">
</div>
<div class="form-group">
<label for="pwd">Password:</label>
<input class="form-control" placeholder="Enter Password" type = "password" name = "password">
</div>
<button type="submit" class="btn btn-default">Submit</button>
</form>
<?php if (isset($error)){
echo '<div class="alert alert-danger alert-dismissable">
<a href="#" class="close" data-dismiss="alert" aria-label="close">×</a>
<strong>' . $error . '</strong>
</div>';
}
?>
</div>
<br>
<div class="container" style="background-color:#D3D3D3;">
<?php highlight_file("login.php"); //outputs the source code of this file to the web page ?>
</div>
</body>
</html>