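<?php
/**
 * Login handler: checks the submitted email address and password against the
 * `runningclub` table, sets the two login cookies on success and redirects to
 * the members area; otherwise prints an error message.
 *
 * Review notes (not fixed here because they need changes outside this file):
 *  - The mysql_* extension was removed in PHP 7. Move connect.php and this
 *    script to PDO or mysqli with prepared statements.
 *  - mysql_real_escape_string() is only reliable when the connection charset
 *    was set with mysql_set_charset(); connect.php is not visible here, so
 *    confirm that it does this.
 *  - SHA-1 with a single site-wide salt is a fast hash and unsuitable for
 *    password storage. Migrate to password_hash() / password_verify(),
 *    rehashing each account at its next successful login.
 *  - The `password` cookie is derived only from the stored hash and a constant,
 *    so it stays valid until the password changes and cannot be revoked per
 *    login. A server-side session with a random identifier avoids this.
 */

// Include global variables and initiate a database connection
// (PASSWORD_SALT and COOKIE_SALT are presumably defined there; verify)
require('./connect.php');

// Both fields must be present and must be plain strings: PHP turns a request
// parameter such as "password[]=x" into an array, which sha1() cannot hash.
$email_input    = isset($_POST['email_address']) ? $_POST['email_address'] : null;
$password_input = isset($_POST['password']) ? $_POST['password'] : null;

if (is_string($email_input) && is_string($password_input)) {
    // Escape the email address before it is placed inside the quoted SQL literal
    $email_address = mysql_real_escape_string($email_input);

    // Search the DB for any members with the submitted email address
    $result = mysql_query("SELECT * FROM runningclub WHERE email_address='$email_address'");

    // mysql_query() returns false on failure; only continue on exactly one match
    if ($result !== false && mysql_num_rows($result) == 1) {
        // Populate $user with an associative array of values
        $user = mysql_fetch_assoc($result);

        // Hash the submitted password the same way the stored ones are hashed
        $password = sha1(sha1($password_input) . PASSWORD_SALT);
        $stored   = (string) $user['password'];

        // Loose == treats two hex digests of the form "0e<digits>" as equal
        // numbers, so compare as strings; use the constant-time comparison
        // where the runtime provides it (PHP 5.6+).
        $matches = function_exists('hash_equals')
            ? hash_equals($stored, $password)
            : ($stored === $password);

        if ($matches) {
            // They match: set cookies (two-hour lifetime) and redirect.
            // Empty path/domain keep PHP's defaults; the last argument marks the
            // cookie HttpOnly so page scripts cannot read it. Set the sixth
            // argument (secure) to true once the site is served over HTTPS only.
            $expires = time() + 60 * 60 * 2;
            setcookie('email', $user['email_address'], $expires, '', '', false, true);
            setcookie('password', sha1($user['password'] . COOKIE_SALT), $expires, '', '', false, true);
            header('Location: membersarea.php');
            // Stop here so nothing else is sent after the redirect header
            exit;
        }
    }
}

// No matching user, a wrong password, or a malformed request: one generic
// message for all cases so the response does not reveal which emails exist.
echo "Wrong Username or Password, please press the back button in your browser and try again";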