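<?php
/**
 * Sign-in handler: validates the posted user/pass pair against WebsiteUsers
 * and, on a match, establishes the authenticated session and redirects.
 */
session_start();

// NOTE(review): the database credentials are hard-coded in a web-served script.
// Load them from configuration kept outside the document root (or from the
// environment) and use a dedicated, least-privileged account for this lookup.
define('DB_HOST', 'localhost');
define('DB_NAME', 'mkuiper1');
define('DB_USER', 'mkuiper1');
define('DB_PASSWORD', 'password');

// The legacy mysql_* extension was removed in PHP 7 and has no prepared
// statements; mysqli is used so user input never becomes part of the SQL text.
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);
try {
    $con = new mysqli(DB_HOST, DB_USER, DB_PASSWORD, DB_NAME);
    $con->set_charset('utf8mb4');
} catch (mysqli_sql_exception $e) {
    // Driver error text goes to the server log only; echoing it to the client
    // discloses host, account and schema details.
    error_log('Failed to connect to MySQL: ' . $e->getMessage());
    http_response_code(500);
    die('Failed to connect to MySQL.');
}

/**
 * Check the submitted credentials and, on a match, mark the session as logged in.
 *
 * On success the session id is regenerated, the session keys 'user',
 * 'userName' and 'loggedin' are set, and the browser is redirected to
 * index.php. On any failure (missing fields, no matching row, query error)
 * the failure alert is emitted and the browser is sent back to /Sign-In.php.
 *
 * @param array       $data Form fields; 'user' and 'pass' are read.
 * @param mysqli|null $con  Open connection; falls back to the script-level $con.
 * @return void
 */
function SignIn($data, $con = null)
{
    // The original body referenced $con without importing it into function
    // scope, so the lookup could never run; accept it explicitly instead.
    if ($con === null && isset($GLOBALS['con'])) {
        $con = $GLOBALS['con'];
    }

    // Reject array-valued fields (user[]=...) before they reach bind_param().
    $user = (isset($data['user']) && is_string($data['user'])) ? $data['user'] : '';
    $pass = (isset($data['pass']) && is_string($data['pass'])) ? $data['pass'] : '';

    $matchedUser = null;
    if ($user !== '' && $con instanceof mysqli) {
        try {
            // Placeholders keep both values out of the statement text. The
            // earlier version still interpolated $_POST into the string and
            // bound parameters to a query that had no placeholders.
            //
            // NOTE(review): comparing pass inside the WHERE clause implies the
            // column holds the password verbatim. Store password_hash() output
            // instead, select the row by userName only, and check it with
            // password_verify(); existing rows need a migration first.
            $stmt = $con->prepare(
                'SELECT userName FROM WebsiteUsers WHERE userName = ? AND pass = ? LIMIT 1'
            );
            if ($stmt !== false) {
                $stmt->bind_param('ss', $user, $pass);
                $stmt->execute();
                // bind_result()/fetch() avoids mixing store_result() with
                // get_result(), which left the original without a result set.
                $stmt->bind_result($foundName);
                if ($stmt->fetch() === true) {
                    $matchedUser = $foundName;
                }
                $stmt->close();
            }
        } catch (mysqli_sql_exception $e) {
            // Treated as a failed login; details stay in the server log.
            error_log('Sign-in query failed: ' . $e->getMessage());
        }
    }

    if ($matchedUser !== null) {
        // A fresh session id on privilege change prevents session fixation.
        session_regenerate_id(true);
        // 'user' was previously copied from $_POST before any check, and
        // 'userName' received the pass column. Both now hold the verified
        // account name, and no password material is kept in the session.
        $_SESSION['user'] = $matchedUser;
        $_SESSION['userName'] = $matchedUser;
        $_SESSION['loggedin'] = 1;
        header("Location: index.php");
        // Stop here so nothing else executes or is sent after the redirect.
        exit;
    }

    // One generic message for every failure path, so the response does not
    // reveal whether the user name exists. $message is a fixed literal; any
    // request-derived value placed here would need JavaScript-context escaping.
    $message = "Verkeerde Gebruikersnaam/Wachtwoord!";
    echo ("<SCRIPT LANGUAGE='JavaScript'>
window.alert('$message')
window.location = '/Sign-In.php';
</SCRIPT>");
}

if (isset($_POST['submit'])) {
    SignIn($_POST, $con);
}
?>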