Nachrichten abrufen

1. <?php
2. session_start();
3.  
4. $pdo = new PDO('mysql:host=localhost;dbname=', '', '');
5.  
6. if(!isset($_SESSION['userid'])) {
7.     die('Bitte zuerst <a href="/login/login.php">einloggen</a>');
8. }
9.  
10. if(isset($_GET['abrufen'])) {
11. $name = $_POST['name'];
12. $passwort = $_POST['passwort'];
13.  
14. $statement = $pdo->prepare("SELECT * FROM users WHERE name = :name");
15. $result = $statement->execute(array('name' => $name));
16. $user = $statement->fetch();
17.    
18. if ($user !== false && password_verify($passwort, $user['passwort'])) {
19. $_SESSION['userid'] = $user['id'];
20.  
21.   mysql_connect("localhost","","");
22.   mysql_select_db("zocker-ka");
23.  
24.    $pn = mysql_query("SELECT von, betreff, text FROM nachrichten WHERE an = $name");
25.                            
26.     while($row = mysql_fetch_array($pn)) {
27.         echo "Von: " . $row[von] . " | Betreff: " . $row[betreff] . "<br><br>$row[text]"; // Ausgeben des Textes
28.     }
29. }
30. }
31. ?>
32. <html>
33. <head>
34. <title>Nachrichten abrufen</title>
35. </head>
36. <body>
37. <h1>Nachrichtenn abrufen:</h1>
38. <form action="?abrufen=1" method="post">
39. <h2>Benutzername:<br />
40. <input type="text" name="name" size="40" maxlength="255"><br />
41. Passwort:<br />
42. <input type="password" name="passwort" size="40" maxlength="255"><br />
43. <input type="submit" name="abrufen" value="abrufen" />
44. </h2>
45. </form>
46. </body>
47. </html>