Initial commit

ed315725 · 65160377 · fa70ef49 · ed315725
Commit ed315725 authored 1 week ago by 65160377
--- a/includes/signin.php
+++ b/includes/signin.php
@@ -3,23 +3,21 @@ session_start();
 if(isset($_POST['signin']))
 {
 $email=$_POST['email'];
-$password=md5($_POST['password']);
-$sql ="SELECT EmailId,Password FROM tblusers WHERE EmailId=:email and Password=:password";
-$query= $dbh -> prepare($sql);
-$query-> bindParam(':email', $email, PDO::PARAM_STR);
-$query-> bindParam(':password', $password, PDO::PARAM_STR);
-$query-> execute();
-$results=$query->fetchAll(PDO::FETCH_OBJ);
-if($query->rowCount() > 0)
-{
-$_SESSION['login']=$_POST['email'];
-echo "<script type='text/javascript'> document.location = 'package-list.php'; </script>";
-} else{
-	
-	echo "<script>alert('Invalid Details');</script>";
+$password = $_POST['password'];
+$sql = "SELECT EmailId, Password FROM tblusers WHERE EmailId=:email";
+$query = $dbh->prepare($sql);
+$query->bindParam(':email', $email, PDO::PARAM_STR);
+$query->execute();
+$result = $query->fetch(PDO::FETCH_ASSOC);

+if ($result && password_verify($password, $result['Password'])) {
+    $_SESSION['login'] = $email;
+    echo "<script type='text/javascript'> document.location = 'package-list.php'; </script>";
+} else {
+    echo "<script>alert('Invalid Details');</script>";
 }

+
 }

 ?>