AdamZWinter/login.php

## login.php

    <div id="formInputs">
    <p>
    <input type="text" name="email" id="email" style="width:67%;" placeholder="Email*"/>
    <input type="password" name="password" id="password" style="width:67%;" placeholder="Password*"/>
    </p>
    <button id="reviewButton" onclick="login()" class="buttonLogin">Log In</button>
    </div>

    <div id="for-logged-in-user-only" style="display:none;"></div>
    <p id="result"></p>


    <script>

        function login() {

          var email = encodeURIComponent(document.getElementById("email").value);
          var password = encodeURIComponent(document.getElementById("password").value);

          var params = "email="+email+"&password="+password;

          var xhttp = new XMLHttpRequest();
          xhttp.onreadystatechange = function() {
            if (this.readyState == 4 && this.status == 200) {

                document.getElementById("result").innerHTML = 'Checking Credentials....';

                var response = JSON.parse(this.responseText);

                if(response.hasOwnProperty('error')){
                    document.getElementById("result").innerHTML = response.error;
                }else{
                    var login = response.login;
                    if(login == "success"){
                        document.getElementById("for-logged-in-user-only").style.display = "inline";
                        document.getElementById("for-logged-in-user-only").innerHTML = "Only a logged-in user will see this after logging in.";
                        document.getElementById("formInputs").style.display = "none";   //hides the login form inputs
                    }
                }
            }else{
              window.setTimeout(failed(), 3000);
            }
          };
          xhttp.open("POST", "login.php", true);
          xhttp.setRequestHeader("Content-type", "application/x-www-form-urlencoded");
          xhttp.send(params);
        }


        function failed(){
              document.getElementById("result").innerHTML = 'Failed connection.';
        }

    </script>


     <?php
    //login.php
    require('/path/to/database/conf.php');
    $datetime = date("U");

     $obj = new stdClass();
         $obj->login = FALSE;  //initialized
         $obj->email = '';
         $obj->datetime = $datetime;
         $obj->dateread = date("D M j G:i:s T Y");

    $_POST  = filter_input_array(INPUT_POST, FILTER_SANITIZE_STRING);

      if(!($password=@$_POST["password"])){$obj->error = 'No password included.'; echo json_encode($obj); exit;}
      else {$password=$_POST["password"];}

      if(!($email=@$_POST["email"])){$obj->error = 'No email included.'; echo json_encode($obj); exit;}
      else {$email=$_POST["email"];}

          if(!filter_var($email, FILTER_VALIDATE_EMAIL)){
              $obj->error = 'Invalid Email Address.';
              echo json_encode($obj);
              exit;
               }

     $db = new mysqli('localhost', $dbuser, $userpw, $database);   //These values kept in your conf.php file
     if (mysqli_connect_errno()) {
                                 $obj->error = 'Error: Could not connect to database.';
                                 error_log(json_encode($obj));
                                 echo json_encode($obj);
                                 exit;
                                 }

     $query = "SELECT email, passwordHash              //A password hash created by password_hash()
               FROM users WHERE email = ?";
     $stmt = $db->prepare($query);
     $stmt->bind_param('s', $email);
     $stmt->execute();
     $stmt->store_result();
     $stmt->bind_result($emaildb, $passworddb);
     if (mysqli_connect_errno()) {$obj->error = 'Error: Could not connect to database.  ';
                                 error_log(json_encode($obj));
                                 echo json_encode($obj);
                                 exit;
     }
     else{
         if($stmt->num_rows == 1) {
              while($stmt->fetch()){
                 $obj->email = $emaildb;
                 $obj->passwordHash = $passworddb;
              }

         } else($stmt->num_rows == 0) {
              $obj->error = 'No matching credentials found.';
              echo json_encode($obj);
              exit;
         }
    }
    $stmt->close();

    if(password_verify($password , $obj->passwordHash)){
        $obj->login = 'success';
        echo json_encode($obj);
    }

    $db->close();
    exit;
    ?>

	<div id="formInputs">
	<p>
	<input type="text" name="email" id="email" style="width:67%;" placeholder="Email*"/>
	<input type="password" name="password" id="password" style="width:67%;" placeholder="Password*"/>
	</p>
	<button id="reviewButton" onclick="login()" class="buttonLogin">Log In</button>
	</div>

	<div id="for-logged-in-user-only" style="display:none;"></div>
	<p id="result"></p>



	<script>

	function login() {

	var email = encodeURIComponent(document.getElementById("email").value);
	var password = encodeURIComponent(document.getElementById("password").value);

	var params = "email="+email+"&password="+password;

	var xhttp = new XMLHttpRequest();
	xhttp.onreadystatechange = function() {
	if (this.readyState == 4 && this.status == 200) {

	document.getElementById("result").innerHTML = 'Checking Credentials....';

	var response = JSON.parse(this.responseText);

	if(response.hasOwnProperty('error')){
	document.getElementById("result").innerHTML = response.error;
	}else{
	var login = response.login;
	if(login == "success"){
	document.getElementById("for-logged-in-user-only").style.display = "inline";
	document.getElementById("for-logged-in-user-only").innerHTML = "Only a logged-in user will see this after logging in.";
	document.getElementById("formInputs").style.display = "none"; //hides the login form inputs
	}
	}
	}else{
	window.setTimeout(failed(), 3000);
	}
	};
	xhttp.open("POST", "login.php", true);
	xhttp.setRequestHeader("Content-type", "application/x-www-form-urlencoded");
	xhttp.send(params);
	}


	function failed(){
	document.getElementById("result").innerHTML = 'Failed connection.';
	}

	</script>


	<?php
	//login.php
	require('/path/to/database/conf.php');
	$datetime = date("U");

	$obj = new stdClass();
	$obj->login = FALSE; //initialized
	$obj->email = '';
	$obj->datetime = $datetime;
	$obj->dateread = date("D M j G:i:s T Y");

	$_POST = filter_input_array(INPUT_POST, FILTER_SANITIZE_STRING);

	if(!($password=@$_POST["password"])){$obj->error = 'No password included.'; echo json_encode($obj); exit;}
	else {$password=$_POST["password"];}

	if(!($email=@$_POST["email"])){$obj->error = 'No email included.'; echo json_encode($obj); exit;}
	else {$email=$_POST["email"];}

	if(!filter_var($email, FILTER_VALIDATE_EMAIL)){
	$obj->error = 'Invalid Email Address.';
	echo json_encode($obj);
	exit;
	}

	$db = new mysqli('localhost', $dbuser, $userpw, $database); //These values kept in your conf.php file
	if (mysqli_connect_errno()) {
	$obj->error = 'Error: Could not connect to database.';
	error_log(json_encode($obj));
	echo json_encode($obj);
	exit;
	}

	$query = "SELECT email, passwordHash //A password hash created by password_hash()
	FROM users WHERE email = ?";
	$stmt = $db->prepare($query);
	$stmt->bind_param('s', $email);
	$stmt->execute();
	$stmt->store_result();
	$stmt->bind_result($emaildb, $passworddb);
	if (mysqli_connect_errno()) {$obj->error = 'Error: Could not connect to database. ';
	error_log(json_encode($obj));
	echo json_encode($obj);
	exit;
	}
	else{
	if($stmt->num_rows == 1) {
	while($stmt->fetch()){
	$obj->email = $emaildb;
	$obj->passwordHash = $passworddb;
	}

	} else($stmt->num_rows == 0) {
	$obj->error = 'No matching credentials found.';
	echo json_encode($obj);
	exit;
	}
	}
	$stmt->close();

	if(password_verify($password , $obj->passwordHash)){
	$obj->login = 'success';
	echo json_encode($obj);
	}

	$db->close();
	exit;
	?>