I have a table in database called users to store user details
This is the code I have
?php
session_start();
if (isset($_POST['submit'])) {
include 'dbh.inc.php';
$uid = mysqli_real_escape_string($conn, $_POST['uid']);
$pwd = mysqli_real_escape_string($conn, $_POST['pwd']);
//Error handlers
//check if inputs are empty
if (empty($uid) || empty($pwd)) {
header("Location: ../index.php?login=empty");
exit();
}else{
$sql = "SELECT * FROM users WHERE user_uid='$uid' OR email ='$uid'";
$result = mysqli_query($conn, $sql);
$resultcheck = mysqli_num_rows($result);
if ($resultcheck < 1) {
header("Location: ../Home.php?login=error");
exit();
}else{
if ($row = mysqli_fetch_assoc($result)) {
//De-Hashing the password
$hashedpwdCheck = password_verify($pwd, $row['user_pwd']);
if ($pwd == false) {
header("Location: ../Home.php?login=error");
exit();
}elseif ($pwd == true) {
//log in the user into the system
$_SESSION['u_id'] = $row['user_id'];
$_SESSION['u_First_Name'] = $row['First_Name'];
$_SESSION['u_Last_Name'] = $row['Last_Name'];
$_SESSION['u_email'] = $row['email'];
$_SESSION['u_uid'] = $row['user_uid'];
header("Location: ../myAccount/index.php?login=success");
exit();
}
}
}
}
}else{
header("Location: ../Home.php?login=error");
exit();
}
?>