
Untitled

a guest
Jun 6th, 2017
  1. <?php
  2. // Should be on the top if you will be using the session variables below
  3. session_start();
  4.  
  5. if(!isset($_SESSION['logged_in']) || empty($_SESSION['logged_in']))
  6. {
  7.     // If user is not authenticated redirect to authentication page
  8.     if (!$_SESSION['logged_in'])
  9.         header("Location: localhost/login.htm");
  10. }
  11.  
  12. // Now we check if the form information are sent, if not why bother connecting to the database in the first place
  13. if (isset($_POST['username']) && isset($_POST['password']))
  14. {
  15.     if (!empty($_POST['username']) && !empty($_POST['password'])
  16.     {
  17.         // Trim removes the white spaces from the beginning and end | mysql_real_escape_string Saves your ass from injections
  18.         $varUsername = mysql_real_escape_string(trim($_POST['username']));
  19.         $varPassword = md5(mysql_real_escape_string(trim($_POST['username'])));
  20.         // ^^ The best practice would be to put create a function that will clean your $_POST data
  21.        
  22.         /*
  23.          * Database connection variables go here: | Although usually it's better to have an other script outside that will make the connections
  24.          * Just incase you want to move from development to online publishing you wouldn't have to write these variables and change them in each
  25.          * and every page of your script!
  26.          */
  27.          $dbHost = "localhost";
  28.          $dbUser = "webuser";
  29.          $dbPass = "";
  30.          $dbDatabase = "mydatabase";
  31.          
  32.          $db = mysql_connect($dbHost, $dbUser, $dbPass) or die("Error connecting to database.");
  33.          mysql_select_db($dbDatabase, $db) or die("Coudln't select the databse.");
  34.          
  35.          // It's usually a good practice to store your sql statements in a variable
  36.          $m_query = "SELECT userName, userPass FROM users WHERE userName='$varUsername' AND userPass='$varPassword'";
  37.          $result = mysql_query($m_query, $db);
  38.          
  39.          // Making sure the query was processed correctly and returned an identifier
  40.          if ($result)
  41.          {
  42.             if ($mysql_num_rows($result) > 0)
  43.             {
  44.                 while($row = mysql_fetch_assoc($result)
  45.                 {
  46.                    
  47.                    // Set the session variables
  48.                    $_SESSION['username'] = $row['user'];
  49.                    $_SESSION['logged_in'] = true;
  50.                  
  51.                 }
  52.                
  53.             // Successful login code will go here...
  54.             echo 'Success!';
  55.             }
  56.             else
  57.             {
  58.                 echo 'Invalid username and Password!';
  59.             }
  60.          }
  61.     }
  62. }
  63. else
  64. {
  65.     echo 'Authentication error: Invalid username\password';
  66. }
  67. ?>