Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- <?php
- $host="localhost";
- $db_name="local1";
- $db_user="admin";
- $db_password="pass";
- $con = mysqli_connect($host, $db_user, $db_password);
- $username = $_POST["username"];
- $password = $_POST["password"];
- mysqli_select_db($con, $db_name);
- $query = "SELECT * FROM users WHERE username='$username'";
- $result = mysqli_query($con, $query);
- echo "<pre>";
- if (mysqli_errno($con) !== 0) {
- echo "SQL error: ", htmlspecialchars(mysqli_error($con)), "\n";
- }
- echo "</pre>";
- if (!$result) {
- exit();
- }
- $logged_in = false;
- $row=mysqli_fetch_array($result);
- if ($row["password"] === $password) {
- $logged_in = true;
- echo "<h1>Logged in!</h1>";
- echo "<pre>User level: ", $row["user_level"], "</pre>";
- if ($row["user_level"] >= 50) {
- echo "<p>Congarts :D ! you have found a high level user \n tell the admin to always use intval(GET['id'])</p>";
- } else {
- echo "<p>you didn't find a user that has a high level.</p>";
- }
- }
- else
- echo "Wrong Username or Password :( !";
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
