<?php require_once('app/init.php'); $username = $_POST['username']; $password = $_POST['password']; if ( $user = user_exists($username)) { if ( isValid($username, $password, $user->password)) { login($user); } else { return 'Invalid login credentials.'; } } else { return 'That user does not exist!'; } function isValid($username, $password, $password2) { return password_verify($password, $password2); } function login($user) { $_SESSION['username'] = $user->username; $_SESSION['role'] = $user->role; header('Location: ./index.php'); } function user_exists($username) { $pdo = new PDO("mysql:host=localhost;dbname=sqli_example", "sqli_example", "password"); $sth = $pdo->prepare("SELECT username, password, role FROM users WHERE username = ?"); $sth->bindParam(1, $username, PDO::PARAM_STR); $sth->execute(); return $user = $sth->fetch(PDO::FETCH_OBJ); }