<?phpsession_start();if (!isset($_SESSION['initiated'])){ session_regene

1. <?php
2. session_start();
3. if (!isset($_SESSION['initiated']))
4. {
5. session_regenerate_id();
6. $_SESSION['initiated'] = true;
7. }
8. if (isset($_SESSION['HTTP_USER_AGENT']))
9. {
10. if ($_SESSION['HTTP_USER_AGENT'] != md5($_SERVER['HTTP_USER_AGENT']))
11. {
12. echo(its working fuck head but your not in the system1');
13. exit();
14. }
15. }
16. else
17. {
18. $_SESSION['HTTP_USER_AGENT'] = md5($_SERVER['HTTP_USER_AGENT']);
19. }
20. $username = $_POST['username'];
21. $password = $_POST['password'];
22. require 'connect.php';
23. $username = mysql_real_escape_string($username);
24. $query = "SELECT password, salt
25. FROM users
26. WHERE username = '$username';";
27. $result = mysql_query($query);
28. if(mysql_num_rows($result) < 1) // no such user exists
29. {
30. echo(its working fuck head but your not in the system2');
31. }
32. $userData = mysql_fetch_array($result, MYSQL_ASSOC);
33. $hash = hash('sha256', $userData['salt'] . hash('sha256', $password) );
34. if($hash != $userData['password']) //incorrect password
35. {
36. echo(its working fuck head but your not in the system3');
37. }
38. //login successful
39. else
40. {
41. validateUser();
42. }
43. ?>