string(3) "s17" string(32) "PASSWORD HASH HERE" <?php// Start Session to e

1. string(3) "s17" string(32) "PASSWORD HASH HERE"
2.  
3. <?php
4.  
5. // Start Session to enable creating the session variables below when they log in
6. session_start();
7. // Force script errors and warnings to show on page in case php.ini file is set to not display them
8. //error_reporting(E_ALL);
9. //ini_set('display_errors', '1');
10. //-----------------------------------------------------------------------------------------------------------------------------------
11. // Initialize some vars
12.  
13.  
14. include 'connect_to_mysql.php';
15.  
16.  
17. $var_error="";
18. if (isset($_SESSION['error'])) {
19.  
20. $var_error = $_SESSION['error'];
21. unset($_SESSION['error']);
22. $error_check_tok = "error_overlay();";
23.  
24. }else{
25. unset($_SESSION['error']);
26.  
27. }
28.  
29.  
30.  
31.  
32. $login_username = '';
33. $login_password = '';
34. if (isset($_POST['login_submit'])) {
35.  
36. $login_username = $_POST['login_username'];
37. $login_password = $_POST['login_password'];
38.  
39. $login_username = stripslashes($login_username);
40. $login_password = stripslashes($login_password);
41.  
42. $login_username = strip_tags($login_username);
43. $login_password = strip_tags($login_password);
44.  
45.  
46.  
47. // error handling conditional checks go here
48. if ((!$login_username) || (!$login_password)) {
49.  
50. $reg_error = "you did not enter both Username and Password, Please try again.";
51. $_SESSION['error'] = $reg_error;
52. header("Location: index.php");
53.  
54. } else { // Error handling is complete so process the info if no errors
55. include 'connect_to_mysql.php'; // Connect to the database
56.  
57. $login_username = mysql_real_escape_string($login_username); // After we connect, we secure the string before adding to query
58. $login_password = mysql_real_escape_string($login_password); // After we connect, we secure the string before adding to query
59.  
60. $login_password = md5($login_password); // Add MD5 Hash to the password variable they supplied after filtering it
61. var_dump($login_username);
62. var_dump($login_password);
63. // Make the SQL query
64. $sql_users = mysql_query("SELECT * FROM users WHERE username='$login_username' AND password='$login_password' AND account_activated='1'", $general);
65. $login_check = mysql_num_rows($sql_users);
66. // If login check number is greater than 0 (meaning they do exist and are activated)
67. if($login_check >= 1){
68. while($row_users = mysql_fetch_array($sql_users)){
69.  
70. // Pleae note: Adam removed all of the session_register() functions cuz they were deprecated and
71. // he made the scripts to where they operate universally the same on all modern PHP versions(PHP 4.0 thru 5.3+)
72. // Create session var for their raw id
73. $user_id = $row_users["user_id"];
74. $user_no_of_logins = $row_users["no_of_logins"];
75. $user_online = $row_users["online"];
76.  
77. $_SESSION['user_id'] = $user_id;
78. // Create the idx session var
79. $_SESSION['idx'] = base64_encode("g4p3h9xfn8sq03hs2234$id");
80. // Create session var for their username
81. $login_username = $row["login_username"];
82. $_SESSION['login_username'] = $login_username;
83. // Create session var for their password
84. $login_userpass = $row["login_password"];
85. $_SESSION['login_userpass'] = $login_userpass;
86.  
87.  
88. //$sql_login_check = mysql_num_rows($sql_login);
89. if($user_no_of_logins == "0"){
90.  
91. mysql_query("UPDATE users SET first_login=now() WHERE user_id='$user_id' LIMIT 1", $general);
92.  
93. }
94.  
95. if($user_online == "0"){
96.  
97. mysql_query("UPDATE users SET online = '1' WHERE user_id='$user_id' LIMIT 1", $general);
98. mysql_query("UPDATE system SET no_online = no_online + 1", $system);
99. }
100.  
101.  
102. mysql_query("UPDATE users SET last_login=now() WHERE user_id='$user_id' LIMIT 1", $general);
103. mysql_query("UPDATE users SET no_of_logins = no_of_logins + 1 WHERE user_id='$user_id' LIMIT 1", $general);
104. mysql_query("UPDATE system SET total_logins = total_logins + 1", $system);
105.  
106.  
107.  
108.  
109. } // close while
110.  
111. // Remember Me Section
112. if(isset($_POST['login_remember'])) {
113. $encryptedID = base64_encode("g4enm2c0c4y3dn3727553$user_id");
114. setcookie("idCookie", $encryptedID, time()+60*60*24*100, "/"); // Cookie set to expire in about 30 days
115. setcookie("passCookie", $login_password, time()+60*60*24*100, "/"); // Cookie set to expire in about 30 days
116.  
117. }
118.  
119. // All good they are logged in, send them to homepage then exit script
120. header("Location: overview.php");
121.  
122. } else { // Run this code if login_check is equal to 0 meaning they do not exist
123. $reg_error = "Login Inputs Incorrect, Please try again.";
124. $_SESSION['error'] = $reg_error;
125. header("Location: index.php");
126. }
127.  
128.  
129. } // Close else after error checks
130.  
131. }
132.  
133. ?>
134.  
135. <blink>
136. vvvvvvvvvvvvvvvvvvvvvvvvvv
137. ---------> var_dump($login_username); <---------
138. ---------> var_dump($login_password); <---------
139. ^^^^^^^^^^^^^^^^^^^^^^^^^^
140. </blink>
141.  
142. var_dump($login_username);
143. var_dump($login_password);