diff user/uk/checkLogin.php @ 6:077b0a0a3e6d

remaining originals according to dependency walk
author Robert Boland <robert@markup.co.uk>
date Thu, 16 Feb 2017 22:29:02 +0000
parents
children 385ddd7c4b55 a67bf725e87b
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/user/uk/checkLogin.php	Thu Feb 16 22:29:02 2017 +0000
@@ -0,0 +1,62 @@
+<?php
+require "PasswordHash.php";
+
+include "../../private/db.php";  
+
+// emailname and password sent from form
+$email=$_GET['email'];
+$mypassword=$_GET['pwd'];
+
+// To protect MySQL injection 
+$email = stripslashes($email);
+$mypassword = stripslashes($mypassword);
+$email = mysqli_real_escape_string($link,$email);
+$mypassword = mysqli_real_escape_string($link,$mypassword);
+
+$t_hasher = new PasswordHash(8, FALSE);
+
+
+$query1 = 'select Password, FirstName, Surname, UserID from user where Email = \'' .$email .'\'';
+//echo $query1 . "\n";
+$data1 = mysqli_query($link, $query1);
+
+while($line = mysqli_fetch_assoc($data1))
+{
+	$passHash = $line['Password'];
+	$displayName=$line['FirstName'];
+	$surname=$line['Surname'];
+	$id=$line['UserID'];
+}
+
+$check = $t_hasher->CheckPassword($mypassword, $passHash);
+if ($check) 
+{
+
+	$query2 = "select ReceiveEmail, GoodreadsState from userpref where UserID = $id";
+	//echo $query1 . "\n";
+	$data2 = mysqli_query($link, $query2);
+
+	while($line = mysqli_fetch_assoc($data2))
+	{
+		$receiveEmail = trim($line['ReceiveEmail']);
+		$GRState=trim($line['GoodreadsState']);
+	}
+
+	if($displayName == "")
+		$displayName=$email;
+	
+	session_start();
+	$_SESSION['displayName']=$displayName;
+	$_SESSION['email']=$email;
+	$_SESSION['surname']=$surname;
+	$_SESSION['UserID']=$id;
+	$_SESSION['receiveEmail']=$receiveEmail;
+	$_SESSION['GRState']=$GRState;
+	echo session_id();
+	echo ":::" . $displayName . ":::" . $surname . ":::" . $receiveEmail . ":::" . $GRState . ":::" . $id;
+}
+else
+{
+	echo "Incorrect UserName or Password";
+}
+?>
\ No newline at end of file
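Review bot: The password is read from `$_GET['pwd']` and then passed through `stripslashes()` and `mysqli_real_escape_string()` before `CheckPassword()`, so it travels in the URL, where access logs and browser history retain it, and any password containing a quote or backslash is verified in altered form. Reading both fields from the request body and binding `$email` as a statement parameter removes the need for escaping altogether. The form that submits to this page is not visible here and would have to switch to POST as well. Two smaller gaps in the same file: `$passHash` is never set when no row matches the e-mail, and the session id is kept unchanged across the login, so the sketch below initialises the former and calls `session_regenerate_id(true)` right after `session_start()`.

```php
// credentials come from the request body rather than the query string
$email = isset($_POST['email']) ? $_POST['email'] : '';
$mypassword = isset($_POST['pwd']) ? $_POST['pwd'] : '';

$t_hasher = new PasswordHash(8, FALSE);

// a bound parameter replaces stripslashes()/mysqli_real_escape_string();
// the password itself is never escaped, only handed to CheckPassword()
// (mysqli_stmt_get_result() needs the mysqlnd driver)
$stmt = mysqli_prepare($link, 'select Password, FirstName, Surname, UserID from user where Email = ?');
mysqli_stmt_bind_param($stmt, 's', $email);
mysqli_stmt_execute($stmt);
$data1 = mysqli_stmt_get_result($stmt);

$passHash = null;
// … unchanged: fetch loop filling $passHash, $displayName, $surname, $id …

$check = $passHash !== null && $t_hasher->CheckPassword($mypassword, $passHash);
if ($check)
{
	// … unchanged: userpref lookup and display-name fallback …
	session_start();
	session_regenerate_id(true);
	// … unchanged: $_SESSION assignments and response …
```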