From ed315725d4b0d965c6b9466bc7f76707dd2e1c3a Mon Sep 17 00:00:00 2001
From: 65160377 <65160377@go.buu.ac.th>
Date: Sat, 29 Mar 2025 02:32:43 +0700
Subject: [PATCH] Initial commit

---
 includes/signin.php | 26 ++++++++++++--------------
 1 file changed, 12 insertions(+), 14 deletions(-)

diff --git a/includes/signin.php b/includes/signin.php
index c14cbd8..1f529fe 100644
--- a/includes/signin.php
+++ b/includes/signin.php
@@ -3,23 +3,21 @@ session_start();
 if(isset($_POST['signin']))
 {
 $email=$_POST['email'];
-$password=md5($_POST['password']);
-$sql ="SELECT EmailId,Password FROM tblusers WHERE EmailId=:email and Password=:password";
-$query= $dbh -> prepare($sql);
-$query-> bindParam(':email', $email, PDO::PARAM_STR);
-$query-> bindParam(':password', $password, PDO::PARAM_STR);
-$query-> execute();
-$results=$query->fetchAll(PDO::FETCH_OBJ);
-if($query->rowCount() > 0)
-{
-$_SESSION['login']=$_POST['email'];
-echo "<script type='text/javascript'> document.location = 'package-list.php'; </script>";
-} else{
-	
-	echo "<script>alert('Invalid Details');</script>";
+$password = $_POST['password'];
+$sql = "SELECT EmailId, Password FROM tblusers WHERE EmailId=:email";
+$query = $dbh->prepare($sql);
+$query->bindParam(':email', $email, PDO::PARAM_STR);
+$query->execute();
+$result = $query->fetch(PDO::FETCH_ASSOC);
 
+if ($result && password_verify($password, $result['Password'])) {
+    $_SESSION['login'] = $email;
+    echo "<script type='text/javascript'> document.location = 'package-list.php'; </script>";
+} else {
+    echo "<script>alert('Invalid Details');</script>";
 }
 
+
 }
 
 ?>
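Review bot: The success branch sets `$_SESSION['login'] = $email;` without rotating the session ID, so an identifier that was planted or captured before authentication stays valid after it; add `session_regenerate_id(true);` immediately before that assignment. Separately, nothing in this patch shows the stored `Password` column being rehashed, so rows that still hold MD5 digests would presumably fail `password_verify()` and lock those accounts out. Confirm that the registration and password-change paths now store `password_hash()` output and that legacy rows are reset or migrated. The `if(isset($_POST['signin']))` block is fully visible here, but the file's opening lines, including the `session_start()` call shown in the hunk header, are outside the hunk.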
-- 
GitLab