EDIT: I now have the coding working with the captcha and gives me the error message I wanted. How do you recommend I encrypt a password instead of md5 hash?
Code: Select all
<!doctype html>
<html>
<head>
<meta charset="utf-8">
<title>Login</title>
<link href="login-styles.css" rel="stylesheet" type="text/css" />
<link href="loginmodule.css" rel="stylesheet" type="text/css" />
<script src='https://www.google.com/recaptcha/api.js'></script>
</head>
<body>
<div class="container">
<div id="login-form">
<p><img src="images/logo.png" width="310" height="91" /><br /></p>
<h3>ADMINISTRATOR Login</h3>
<fieldset>
<form id="loginForm" name="loginForm" method="post" action="">
<?php
if(!isset($_SESSION)) { session_start(); }
include("connection.php");
error_reporting(0);
$username = trim($_POST['username']);
$password = trim($_POST['password']);
if(isset($_POST['g-recaptcha-response'])) {$captcha=$_POST['g-recaptcha-response']; }
if(isset($_POST['submit']) && !empty($_POST['submit'])) {
$response=file_get_contents("https://www.google.com/recaptcha/api/siteverify?secret=6LfqjRUTAAAAAMmVW4roXj5QIBlYETR5VNEbSE33&response=".$captcha."&remoteip=".$_SERVER['REMOTE_ADDR']);
if($response.success==false) {
echo "invalid captcha";
} else {
if (!empty($_POST['password'])) { $password = stripslashes($_POST['password']) ;}
if (!empty($_POST['username'])) { $username = stripslashes($_POST['username']) ;}
$username = mysqli_real_escape_string($db, $username);
$password = mysqli_real_escape_string($db, $password);
$password = md5($password);
$sql="SELECT uid FROM users WHERE username='$username' and password='$password'";
$result=mysqli_query($db,$sql);
$row=mysqli_fetch_array($result,MYSQLI_ASSOC);
if(mysqli_num_rows($result) == 1 && !empty($captcha)) {
$_SESSION['username'] = $username;
header("location: edit-index.php");
} else {
echo "<div style='color:red;'>Invalid username and password combination or missing captcha. Please try again</div>";
$password = "";
}
}
}
?>
<input type="username" name="username" placeholder="username" id="username" value="<?php echo $username; ?>" required >
<input type="password" name="password" placeholder="password" id="password" value="<?php echo $password; ?>" required >
<input type="submit" name="submit" id="submit" value="Login">
<div style="color: #000;" class="clearfix">
<div class="g-recaptcha" data-sitekey="6LfqjRUTAAAAAI-G3YjUZXZeyQWwVmv2lXvVzbya"></div>
<div style="text-align:left; padding-top:10px;"><strong>General Log In Notes: </strong><br /><br /> Passwords are case sensitive.<br />Usernames are not case sensitive. </div>
</div>
</form>
</fieldset>
</div>
</div>
</body>
</html>