<?php echo "<!doctype html>\n"; $username = $_GET['username']; //wouldnt use GET for passing username and password; $password = $_GET['password']; $password = password_hash($password, PASSWORD_BCRYPT, 12); $pdo = new PDO('sqlite::memory:'); //assume we don't really want to drop our users table on every run of this script. //$pdo->exec("DROP TABLE IF EXISTS users"); //$pdo->exec("CREATE TABLE users (username VARCHAR(255), password VARCHAR(255))"); $sql = "INSERT INTO users (username,password) VALUES (:username,:password)"; $q = $conn->prepare($sql); $q->execute(array(':username'=>$username,':password'=>$password)); //this would always return a result as we've just inserted a new user with those values, so I'd totally seperate out the user //registration and login code. $statement = $pdo->query("SELECT * FROM users WHERE username = '$username' AND password = '$password'"); if (count($statement->fetchAll())) { echo "Access granted to $username!<br>\n"; } else { echo "Access denied for $username!<br>\n"; }
You have javascript disabled. You will not be able to edit any code.