Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- <?php
- if($_POST['login']):
- $username = stripslashes(mysql_real_escape_string($_POST['username']));
- $password = stripslashes(mysql_real_escape_string($_POST['password']));
- $query = mysql_query("SELECT * FROM users WHERE username='$username'");
- $numrows = mysql_num_rows($query);
- $row = mysql_fetch_array($query);
- $dbusername = $row['username'];
- $dbpassword = $row['password'];
- $dbstaffid = $row['staffid'];
- $dblevel = $row['level'];
- $date = date('d-M-Y : h:i:s a');
- if($username&&$password)
- {
- if($numrows!=0)
- {
- if($username==$dbusername&&md5($password)==$dbpassword)
- {
- $sql = mysql_query("select * from biodata where staffid='$dbstaffid'") or die(mysql_error());
- $row = mysql_fetch_array($sql);
- $sqlUpdate = mysql_query("UPDATE users SET last_log='$date' WHERE staffid='$dbstaffid'");
- $_SESSION['name'] = $row['name'];
- $_SESSION['auths'] = true ;
- $_SESSION['username'] = $dbusername;
- $_SESSION['level'] = $dblevel;
- $_SESSION['staffid'] = $dbstaffid;
- header("location:?page=user_info");
- }
- else
- $msg = "Incorrect password !";
- }
- else
- $msg = "User not exist !";
- }
- else
- $msg = "Fill the blanks !";
- endif;
- include("templates/login.html");
- ?>
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
