Advertisement
Guest User

Untitled

a guest
Jul 24th, 2014
209
0
Never
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
text 2.36 KB | None | 0 0
  1. <?php
  2. session_start();
  3. $submit = $_POST["submit"];
  4. if($submit){setSessionVars();}
  5. function setSessionVars() {
  6. $_SESSION['username'] = $_POST['username'];
  7. header('Location: session.php');
  8. }
  9. ?>
  10.  
  11. <html>
  12. <body>
  13. <form method="post" action="process.php">
  14. Username:<input type="text" name="username" /> <br /> <br />
  15. Quick Access PIN: <input type="text" name="pin" maxlength="4"/> <br /> <br />
  16. <input type="submit" type="submit" value="submit"/>
  17. <br />
  18. </form>
  19. </body>
  20. </html>
  21.  
  22. $password = $_POST['pin'];
  23. $username = $_SESSION['username'];
  24.  
  25. //Get Session Username
  26.  
  27. //This is just a little checksum variable to make sure the user doesn't louse through with just a username
  28. $checksum = 0;
  29.  
  30. $link = mysql_connect ("$databaseHostname", "$databaseUsername", "$databasePassword")or die("error: cannot connect - " . mysql_error());
  31. mysql_select_db("$databaseDbName")or die("cannot select DB");
  32.  
  33. $getuserid = mysql_query("SELECT * FROM $usertable WHERE username = '$username'") or die ("something went wrong");
  34. $getqap = mysql_query("SELECT * FROM $passtable WHERE pf_qap = '$password'") or die("Something went wrong");
  35.  
  36. $userid = mysql_fetch_assoc($getuserid);
  37.  
  38. $qap = mysql_fetch_assoc($getqap);
  39.  
  40.  
  41. if ($getuserid) {
  42. // Check for at least one row returned
  43. if (mysql_num_rows($getuserid) == 1) {
  44. //echo "We have found a user id";
  45. ++$checksum;
  46. }
  47. else {
  48. //echo "We couldn't find a user id";
  49. }
  50. }
  51. if ($getqap) {
  52.  
  53. if (mysql_num_rows($getqap) == 1) {
  54. ++$checksum;
  55. //echo "We have found a PIN!";
  56. }
  57. else {
  58.  
  59. //echo "We could not find a PIN!";
  60. }
  61. }
  62.  
  63.  
  64.  
  65. if ($checksum == 2) {
  66. echo "Redirecting...";
  67. //echo $userid['user_id'];
  68. ?>
  69. <html>
  70. <meta http-equiv="refresh" content="0; url=./display.php" />
  71. </html>
  72. <?
  73. }
  74. else {
  75. echo "Redirecting...";
  76. ?>
  77. <html>
  78. <meta http-equiv="refresh" content="0; url=./failure.htm" />
  79. </html>
  80. <?
  81.  
  82.  
  83. }
  84.  
  85. ?>
  86.  
  87. <?php session_start();
  88.  
  89. //DB Connection info left out on purpose.
  90.  
  91.  
  92. $user2 = $_SESSION['username'];
  93.  
  94. $link = mysqli_connect ("$databaseHostname", "$databaseUsername", "$databasePassword", "$databaseDbName")or die("error: cannot connect - " . mysql_error());
  95.  
  96. $result = mysqli_query($link, "SELECT * FROM moongame_appeal WHERE appeal_user = '$username'");
  97. ?>
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement