login script

OTHER_INFORMATION/php files/login.php

+<?php
+
+if (isset($_POST['username']) && isset($_POST['password'])) {
+    require_once "connect_db.php";
+
+    $sql = 'SELECT * FROM user_museum WHERE username= ?;';
+
+
+    $username = htmlspecialchars($_POST['username']);
+    $password = htmlspecialchars($_POST['password']);
+
+
+    $stmt = mysqli_stmt_init($connect);
+
+    if (!mysqli_stmt_prepare($stmt, $sql)) {
+        echo "sql_error";
+    } else {
+
+        mysqli_stmt_bind_param($stmt, "s", $username);
+        mysqli_stmt_execute($stmt);
+
+        $result = mysqli_stmt_get_result($stmt);
+
+        if ($row = mysqli_fetch_assoc($result)) {
+
+            require_once 'encode_decode.php';
+
+            $passwordmatch = password_verify($password, $row["password"]);
+
+            $key = 'fu4823yfu03$&u3Sy(48%$>gh)83*hf201*&fg3"!fh9HFG8';
+            $decryptedFirstName = decrypt($row["Firstname"],$key);
+            $decryptedLastName = decrypt($row["Lastname"],$key);
+            if ($passwordmatch) {
+                echo "success,".$decryptedFirstName.','.$decryptedLastName;
+            } else {
+                echo "password_nomatch";
+            }
+        } else {
+            echo "username_nomatch";
+        }
+    }
+    mysqli_stmt_close($stmt);
+    exit();
+}
\ No newline at end of file