Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- <?php
- //Start session
- session_start();
- //Check whether the session variable SESS_MEMBER_ID is present or not
- if(!isset($_SESSION['SESS_MEMBER_ID']) || (trim($_SESSION['SESS_MEMBER_ID']) == '1')) {
- header("location: access-denied.php");
- exit();
- }
- ?>
- <?php
- session_start(); // create a session
- ob_start(); // hold off sending page to the browser just yet...
- /// Connect to Database
- require_once ('db_connect.php');
- /// Call the Table
- $tbl_name="tbl_accounts";
- /// To protect MySQL injection
- $username = stripslashes($username);
- $password = stripslashes($password);
- $username = mysql_real_escape_string($username);
- $password = mysql_real_escape_string($password);
- $SESS_MEMBER_ID="SELECT Account_Level FROM tbl_accounts WHERE username='$username'";
- /// Username and Password sent from form
- $username=$_POST['user'];
- $password=md5($_POST['pass']);
- $Account_Level="SELECT Account_Level FROM $tbl_name WHERE username='$username'";
- $sql="SELECT * FROM $tbl_name WHERE username='$username' and password='$password'";
- $result=mysql_query($sql);
- // Mysql_num_row is counting table row
- $count=mysql_num_rows($result);
- // If result matched $myusername and $mypassword, table row must be 1 row
- if($count==1){
- // Register $username, $password and redirect to file "login_success.php"
- session_register("username");
- session_register("password");
- session_register("SESS_MEMBER_ID");
- header("location:index.php?pagelet=admins");
- ob_end_flush();
- }
- else {
- echo "Wrong Username or Password";
- header("location:index.php");
- ob_end_flush();
- }
- ?>
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
