prepare($query);
$cmd->bind_param("ss", $id, $password); // Change it when necessary
$cmd->execute();
$result = $cmd->get_result();
$row = mysqli_fetch_assoc($result);
if (strcmp($row['username'],$id) == 0 && strcmp($row['password'],$password) == 0) { // Change it when necessary
$allow_login = true;
}
mysqli_free_result($result);
return $allow_login;
}
/* Precess the data after user submitted */
if (isset($_POST['login'])){
$id = $_POST['id'];
$pwd = $_POST['pwd'];
$csrf_token = $_POST['csrf_token'];
if (check_csrf_token($csrf_token, $TIME_LIMIT)){
if (login_check($id,$pwd)){
// TO DO
}
else {
echo '';
}
}
else {
echo '';
}
unset($_POST['id']);unset($_POST['pwd']);unset($_POST['login']);unset($_POST['csrf_token']);unset($_SESSION["csrf_token"]);unset($_SESSION["token_time"]);
}
?>