prepare('SELECT id, authentication_algorithm, authentication_salt, authentication_string FROM users WHERE name = :username;'); $result = $statement->execute(array('username' => $_POST['username'])); if ($statement->rowCount() > 0) { //existing user name $dbentry = $statement->fetch(); //chechk for correct password if ($dbentry['authentication_string'] == hash($dbentry['authentication_algorithm'], $_POST['password'] . $dbentry['authentication_salt'])) { //password correct $_SESSION['user_id'] = $dbentry['id']; // IP and user agent string are used to prevent cheap session stealing $_SESSION['user_ip'] = $_SERVER['REMOTE_ADDR']; $_SESSION['user_http_user_agent'] = $_SERVER['HTTP_USER_AGENT']; header("Location: https://threadr.lostcave.ddnss.de/threadr/userhome/"); } else { //password inorrect header("Location: https://threadr.lostcave.ddnss.de/threadr/login/?error=credentials"); die(); } } else { //wrong user name header("Location: https://threadr.lostcave.ddnss.de/threadr/login/?error=credentials"); die(); } ?>