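// Login handler: runs when the login form was submitted. It hashes the
// submitted password, looks for a matching row in `players`, and on success
// stores the login in the session and redirects the browser to /panel/.
// On failure it sets $msg for the surrounding page to display.
if (isset($_POST['login'])) {
    // SECURITY NOTE(review): one application-wide salt plus a single round of
    // SHA-256 is cheap to brute-force offline if the table leaks. Migrate to
    // password_hash()/password_verify() and rehash on the next successful
    // login. Kept here because the stored hashes depend on this scheme.
    $salt = '78sdjs86d2h';

    $rawUsername = $_POST['username'] ?? null;
    $rawPassword = $_POST['password'] ?? null;

    // Reject missing or array-valued fields (e.g. username[]=x) up front, so
    // they never reach the string functions below.
    if (!is_string($rawUsername) || !is_string($rawPassword)) {
        $msg = "Datele introduse sunt greșite!";
    } else {
        // NOTE(review): this escaping is redundant, because the query below is
        // parameterised. It also alters values containing quotes or
        // backslashes before they are hashed or compared. It is kept
        // byte-for-byte because existing rows were presumably written through
        // the same transformation; confirm against the registration code
        // before removing it.
        $username = mysqli_real_escape_string($DB_H, addslashes($rawUsername));
        $password = mysqli_real_escape_string($DB_H, addslashes($rawPassword));
        $hash1 = hash('sha256', $password . $salt);
        $hash = strtoupper($hash1);

        $user_id = false;
        $dbFailed = false;

        try {
            // SECURITY NOTE(review): root with an empty password, hard-coded in
            // a web script. Use a dedicated least-privilege account and load
            // the credentials from configuration outside the web root.
            $dbh = new PDO("mysql:host=localhost;dbname=qq_ss", "root", "");
            $dbh->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);

            $stmt = $dbh->prepare("SELECT id, Name, password FROM players
                WHERE Name = :numele AND password = :parola");

            // bindValue() without a length: a SHA-256 hex digest is 64
            // characters, so the previous length hint of 40 was wrong.
            $stmt->bindValue(':numele', $username, PDO::PARAM_STR);
            $stmt->bindValue(':parola', $hash, PDO::PARAM_STR);
            $stmt->execute();

            // First column (id) of the first matching row, or false if none.
            $user_id = $stmt->fetchColumn();
        } catch (PDOException $e) {
            // Log server-side only; an uncaught PDOException can expose
            // connection details to the client when errors are displayed.
            error_log('Login database error: ' . $e->getMessage());
            $dbFailed = true;
        }

        if ($dbFailed) {
            $msg = "A apărut o eroare internă. Încearcă din nou mai târziu.";
        } elseif ($user_id === false) {
            // Strict comparison: only "no row" counts as failure, not an id
            // that happens to be 0.
            $msg = "Datele introduse sunt greșite!";
        } else {
            // Issue a fresh session id at the privilege change so a session id
            // fixed before login cannot be reused afterwards.
            if (session_status() === PHP_SESSION_ACTIVE) {
                session_regenerate_id(true);
            }

            $_SESSION['username'] = $username;
            // SECURITY NOTE(review): this keeps a password-equivalent value in
            // session storage. Prefer storing only the user id. Kept because
            // other pages may read this key; verify before removing.
            $_SESSION['password'] = $hash;

            echo "
<script type='text/javascript'>
<!--
function Redirect()
{
window.location='/panel/';
}
setTimeout('Redirect()', 50);
//-->
</script>";
        }
    }
}
?>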