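<?php
//Admin panel entry page: visitors without a session username get the login
//form, everyone else gets a welcome banner with their username.
//NOTE(review): no session_start() is visible in this script; presumably
//Connect.php starts the session before $_SESSION is read - confirm.
require_once('Connect.php');

//Treat a missing or blank session username as "not logged in".
$sessionUser = isset($_SESSION['SESS_USERNAME']) ? trim($_SESSION['SESS_USERNAME']) : '';

if($sessionUser == '')
{
//The admin password field previously used type="Apassword", which is not a
//valid input type, so browsers rendered it as a plain text box and showed the
//secret on screen. It now uses type="password" like the field above it.
echo '
<form id="loginForm" name="loginForm" method="post" action="login-exec.php">
<font face="arial" size="3">Username:<br></font>
<input name="username" type="text" class="textfield" id="login" />
<br>
<br>
<font face="arial" size="3">Password:<br></font>
<input name="password" type="password" class="textfield" id="password" />
<br>
<br>
<font face="arial" size="3">Password:<br></font>
<input name="AdminPassword" type="password" class="textfield" id="Apassword" />
<input type="submit" name="Submit" value="Login" />
</form>';
}
else
{
//The username is data, not markup: HTML-escape it before printing so that a
//stored name containing < > & or quotes cannot inject tags into the page.
echo '<font face="arial" size="4"><p><b>Welcome</b><br><font face="arial" size="6"><i>'.htmlspecialchars($_SESSION['SESS_USERNAME'], ENT_QUOTES, 'UTF-8').'</i></p></font></font>';
}
?>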
<?php
//Login handler. The session is started first so that the error messages and
//login state written further down are stored for this visitor.
session_start();
//Project include; presumably opens the MySQL link that the mysql_* calls in
//this script rely on - confirm against Connect.php.
require_once 'Connect.php';
//Becomes true as soon as any input check fails.
$errflag = false;
//Escapes one form value for use inside a quoted string literal in a mysql_*
//query: trims it, strips magic-quotes slashes if that setting is on, then
//runs mysql_real_escape_string() on the result.
//This is escaping, not a general SQL-injection guard: it only protects a value
//that ends up between quotes in the query, and it depends on the connection
//character set being configured correctly. Prepared statements (PDO or mysqli)
//are the robust replacement.
//Portability: mysql_real_escape_string() was removed in PHP 7.0 and
//get_magic_quotes_gpc() in PHP 8.0, so this function only runs on older PHP.
function clean($str) {
    //@ hides the warning trim() raises for non-string input (e.g. an array).
    $value = @trim($str);
    //Undo the backslashes magic_quotes_gpc adds, so the value is escaped once.
    $value = get_magic_quotes_gpc() ? stripslashes($value) : $value;
    return mysql_real_escape_string($value);
}
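//Sanitize the POST values. A field that was not submitted is treated as empty
//so it fails validation below instead of raising an undefined-index notice.
$username = clean(isset($_POST['username']) ? $_POST['username'] : '');
$password = clean(isset($_POST['password']) ? $_POST['password'] : '');
//The login form posts the admin password under the name "AdminPassword".
//Previously $Apassword was never assigned and its check did not parse.
$Apassword = clean(isset($_POST['AdminPassword']) ? $_POST['AdminPassword'] : '');

//Input Validations
//Each failed check overwrites ERRMSG_ARR, so only the last message is kept.
if($username == '') {
    $_SESSION['ERRMSG_ARR'] = 'Username missing.';
    $errflag = true;
}
if($password == '') {
    $_SESSION['ERRMSG_ARR'] = 'Password missing.';
    $errflag = true;
}
//NOTE(review): the admin password is only required to be non-empty here;
//nothing in this script compares it with a stored value, so it adds no
//protection until a real verification step is implemented.
if($Apassword == '') {
    $_SESSION['ERRMSG_ARR'] = 'Adminpassword missing.';
    $errflag = true;
}

//If there are input validations, redirect back to the login form
if($errflag) {
    $_SESSION['ERRMSG_PAGE'] = 'adminpanel.php';
    session_write_close();
    header("location: /error.php");
    exit();
}

//Create query
//Only $username carries user-supplied text into the SQL string; it is escaped
//by clean() and placed between quotes. udb_hash() returns an integer.
//When this code is ported off the removed mysql_* API, replace the string
//concatenation with a prepared statement and bound parameters.
//NOTE(review): udb_hash() is a 32-bit checksum, so many different passwords
//produce the same stored value; plan a migration to password_hash() and
//password_verify().
$qry="SELECT * FROM `Users` WHERE `Username` = '$username' AND `Password` = '".udb_hash($password)."' LIMIT 1";
$result=mysql_query($qry);

//Check whether the query was successful or not
if(!$result) {
    die("Query failed");
}

if(mysql_num_rows($result) == 1) {
    //Login Successful
    //Issue a new session id and delete the old session data (true), so an id
    //known before login cannot be reused afterwards (session fixation).
    session_regenerate_id(true);
    $member = mysql_fetch_assoc($result);
    $_SESSION['SESS_USERNAME'] = $member['Username'];
    $_SESSION['SESS_ADMIN'] = $member['Level'];
    session_write_close();
    header("location: /adminpanel.php");
    exit();
}

//Login failed
//The message is the same for an unknown user and a wrong password, which
//avoids revealing which usernames exist.
//NOTE(review): this branch points ERRMSG_PAGE at playerpanel.php while the
//validation branch above uses adminpanel.php - confirm which is intended.
$_SESSION['ERRMSG_ARR'] = 'Invalid Username or Password.';
$_SESSION['ERRMSG_PAGE'] = 'playerpanel.php';
session_write_close();
header("location: /error.php");
exit();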
//Computes the Adler-32 checksum of $pass and returns it as an integer:
//a running byte sum (starting at 1) and a running sum of that sum, both
//modulo 65521, packed as (second sum << 16) + first sum.
//The login query compares this value with the stored `Password` column, so
//the output must stay unchanged for existing accounts to keep working.
//Security note: Adler-32 is an error-detection checksum, not a password hash.
//It is unsalted, fast to compute and has only 32 bits of output, so
//collisions are easy to find. New code should use password_hash() and
//password_verify() and migrate stored values.
function udb_hash($pass)
{
    $low = 1;
    $high = 0;
    $remaining = strlen($pass);
    $offset = 0;
    while($remaining-- > 0)
    {
        //Add the next byte, then fold the running sum into the second sum.
        $low = ($low + ord($pass[$offset++])) % 65521;
        $high = ($high + $low) % 65521;
    }
    return ($high << 16) + $low;
}
- ?>
- SELECT * FROM `AdminPass` WHERE `Apassword`