API tools faq
paste
Guest User

Untitled

a guest
Aug 12th, 2018
279
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
text 1.96 KB | None | 0 0
raw download clone embed print report
  1. can I improve my PHP log-in system with cookies?
  2. <?
  3. session_start();
  4.  
  5. $username = $_POST['username'];
  6. $password = $_POST['password'];
  7.  
  8. if ($username && $password){
  9. $query = mysql_query("SELECT * FROM user WHERE username='$username' ");
  10. $numrows = mysql_num_rows($query);
  11.  
  12. //if user exists
  13. if ($numrows !=0){
  14. while ($row = mysql_fetch_array($query)){
  15. $dbusername = $row['username'];
  16. $dbpassword = $row['password'];
  17. }
  18.  
  19. if ($username == $dbusername && md5($password) == $dbpassword){
  20. echo 'You're in! <a href="member.php">Click</a> here to enter the member page.';
  21. $_SESSION['username'] = $dbusername;
  22.  
  23. }
  24. else
  25. echo "incorrect password!";
  26. }
  27. else
  28. die("sorry, that user doesn't exist!");
  29. }
  30.  
  31.  
  32.  
  33. ?>
  34.  
  35. <?
  36. session_start();
  37.  
  38.  
  39. if ($_SESSION['username']){
  40. echo "Welcome, ".$_SESSION['username']."!<br>
  41. <a href='changepassword.php'>Change password</a>
  42. ";
  43. }
  44. else{
  45. echo "please log in";
  46. }
  47. ?>
  48.  
  49. $username = $_POST['username'];
  50.  
  51. $username = mysql_real_escape_string($_POST['username']);
  52.  
  53. <?php
  54. session_start();
  55.  
  56. $db = new PDO('mysql:host='.DB_HOST.';dbname='.DB_NAME, DB_USER, DB_PASS);
  57.  
  58. $username = $_POST['username'];
  59. $password = $_POST['password'];
  60.  
  61. if ($username && $password){
  62. $query = $db->prepare("SELECT * FROM user WHERE username = :usr");
  63. $query->execute(array('usr' => $username));
  64. $numrows = $query->rowCount();
  65.  
  66. //if user exists
  67. if ($numrows !=0){
  68. while ($row = $query->fetch()){
  69. $dbusername = $row['username'];
  70. $dbpassword = $row['password'];
  71. }
  72.  
  73. if ($username == $dbusername && md5($password) == $dbpassword){
  74. echo 'You're in! <a href="member.php">Click</a> here to enter the member page.';
  75. $_SESSION['username'] = $dbusername;
  76.  
  77. }
  78. else
  79. echo "incorrect password!";
  80. }
  81. else
  82. die("sorry, that user doesn't exist!");
  83. }
  84. ?>
Add Comment
Please, Sign In to add comment
Public Pastes
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!