Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- <?php
- session_start();
- $submit = $_POST["submit"];
- if($submit){setSessionVars();}
- function setSessionVars() {
- $_SESSION['username'] = $_POST['username'];
- header('Location: session.php');
- }
- ?>
- <html>
- <body>
- <form method="post" action="process.php">
- Username:<input type="text" name="username" /> <br /> <br />
- Quick Access PIN: <input type="text" name="pin" maxlength="4"/> <br /> <br />
- <input type="submit" type="submit" value="submit"/>
- <br />
- </form>
- </body>
- </html>
- $password = $_POST['pin'];
- $username = $_SESSION['username'];
- //Get Session Username
- //This is just a little checksum variable to make sure the user doesn't louse through with just a username
- $checksum = 0;
- $link = mysql_connect ("$databaseHostname", "$databaseUsername", "$databasePassword")or die("error: cannot connect - " . mysql_error());
- mysql_select_db("$databaseDbName")or die("cannot select DB");
- $getuserid = mysql_query("SELECT * FROM $usertable WHERE username = '$username'") or die ("something went wrong");
- $getqap = mysql_query("SELECT * FROM $passtable WHERE pf_qap = '$password'") or die("Something went wrong");
- $userid = mysql_fetch_assoc($getuserid);
- $qap = mysql_fetch_assoc($getqap);
- if ($getuserid) {
- // Check for at least one row returned
- if (mysql_num_rows($getuserid) == 1) {
- //echo "We have found a user id";
- ++$checksum;
- }
- else {
- //echo "We couldn't find a user id";
- }
- }
- if ($getqap) {
- if (mysql_num_rows($getqap) == 1) {
- ++$checksum;
- //echo "We have found a PIN!";
- }
- else {
- //echo "We could not find a PIN!";
- }
- }
- if ($checksum == 2) {
- echo "Redirecting...";
- //echo $userid['user_id'];
- ?>
- <html>
- <meta http-equiv="refresh" content="0; url=./display.php" />
- </html>
- <?
- }
- else {
- echo "Redirecting...";
- ?>
- <html>
- <meta http-equiv="refresh" content="0; url=./failure.htm" />
- </html>
- <?
- }
- ?>
- <?php session_start();
- //DB Connection info left out on purpose.
- $user2 = $_SESSION['username'];
- $link = mysqli_connect ("$databaseHostname", "$databaseUsername", "$databasePassword", "$databaseDbName")or die("error: cannot connect - " . mysql_error());
- $result = mysqli_query($link, "SELECT * FROM moongame_appeal WHERE appeal_user = '$username'");
- ?>
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement