Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- $user = $_POST['user']; //sql injection protection
- $user = trim($user);
- $user = strip_tags($user);
- $user = htmlspecialchars($user);
- $pass = $_POST['pass'];
- $pass = trim($pass);
- $pass = strip_tags($pass);
- $pass = htmlspecialchars($pass);
- $pass = hash('sha512', $pass);
- $sql = "SELECT id, user, pass FROM kerb_users WHERE user='".$user."' AND pass='".$pass."'";
- $query = mysqli_query($con, $sql);
- if($row = mysqli_fetch_array($sql)) {
- $_SESSION['id'] = $row['id'];
- $_SESSION['user'] = $row["user"];
- header("Location: ./index.php");
- } else {
- echo "Incorrect credentials, <a href='javascript:history.back();'>try again.</a>";
- }
- }
- }else {
- header("Location: index.php");
- }
Add Comment
Please, Sign In to add comment