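/**
 * Check a username/password pair against the users table and, on a match,
 * mark the session as logged in and queue the redirect header.
 *
 * Failures are reported only through the return value: the caller prints one
 * generic message, so the response does not reveal whether the account exists.
 *
 * @param string $username Login name as submitted by the client (untrusted).
 * @param string $password Plain-text password as submitted by the client (untrusted).
 * @return bool True when the credentials matched, false otherwise.
 */
public function LoginUser($username, $password){
    // Only act on a submitted login form; reject non-string values such as username[]=x.
    if(!isset($_POST['username']) || !is_string($username) || !is_string($password)){
        return false;
    }

    // The name is escaped for the single SQL string below. Escaping is only as good as
    // the connection charset; a prepared statement would remove that dependency.
    $username = mysqli_real_escape_string($this->db, $username);
    // NOTE(review): the password never reaches SQL, so this escaping only changes the bytes
    // handed to crypt(). Kept because stored hashes may have been created from the escaped
    // form - confirm against the registration code before removing it.
    $password = mysqli_real_escape_string($this->db, $password);

    $sql = "SELECT * FROM users WHERE name='$username'";
    $result = mysqli_query($this->db, $sql) or die('Fel vid SQL-fråga - inloggning');
    if(!mysqli_num_rows($result)){
        return false;
    }

    $row = mysqli_fetch_array($result);
    $stored_password = $row['password'];
    // An empty or non-string stored hash can never be a valid credential.
    if(!is_string($stored_password) || $stored_password === ''){
        return false;
    }

    // Re-hash the submitted password with the salt/parameters embedded in the stored hash.
    $candidate = crypt($password, $stored_password);

    $has_hash_equals = function_exists("hash_equals");
    if($has_hash_equals){
        $matches = hash_equals($stored_password, $candidate);
    }else{
        // Fallback for PHP builds without hash_equals(): compare every byte and fold the
        // differences together. A loose == would compare numeric-looking strings as
        // numbers and stops at the first differing byte.
        $diff = strlen($stored_password) ^ strlen($candidate);
        $length = min(strlen($stored_password), strlen($candidate));
        for($i = 0; $i < $length; $i++){
            $diff |= ord($stored_password[$i]) ^ ord($candidate[$i]);
        }
        $matches = ($diff === 0);
    }

    if(!$matches){
        return false;
    }

    // Issue a fresh session id at the privilege change so an id known before login
    // (session fixation) stops being valid.
    if(session_id() !== ''){
        session_regenerate_id(true);
    }

    // NOTE(review): the two original branches used different redirect targets and session
    // keys ('login' vs 'name'); both are kept as written - confirm which one the
    // logged-in pages actually read.
    if($has_hash_equals){
        header("location: user/loggedin.php");
        $_SESSION['login'] = $username;
    }else{
        header("location: ../user/loggedin.php");
        $_SESSION['name'] = $username;
    }

    return true;
}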
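<?php
// Login form handler: hands the submitted credentials to User::LoginUser().
$users = new User();
if(isset($_POST['loginButton'])){
    // Both fields come straight from the client; they may be missing or sent as arrays
    // (username[]=x), so only plain strings are passed on.
    $username = isset($_POST['username']) ? $_POST['username'] : null;
    $password = isset($_POST['password']) ? $_POST['password'] : null;

    if(is_string($username) && is_string($password) && $users->LoginUser($username, $password)){
        // Nothing to do here: LoginUser() sets the redirect header itself.
    }else{
        // One message for every failure, so the response does not show which field was wrong.
        echo 'wrong username or password';
    }
}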
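// Verify the submitted password against the stored crypt() hash with a constant-time
// comparison. The former "else if ($stored_password == crypt(...))" branch is dropped:
// it ran only after hash_equals() had already rejected the pair, so it could succeed
// only through PHP's loose comparison of numeric-looking strings, never for a real match.
if(hash_equals($stored_password, crypt($password, $stored_password))) {
    // create session
    header("location: user/loggedin.php");
    $_SESSION['login'] = $username;
}else{
    echo 'WRONG!';
}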
- location: user/loggedin.php
- location: ../user/loggedin.php