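<?php
/**
 * Login handler: checks the posted username/password against the
 * `useraccount` table and redirects to the profile page that matches the
 * account's privilege level. Any failure ends at the login page with a
 * generic error, so the response does not reveal which part was wrong.
 *
 * Changes from the original listing:
 *  - the query is a prepared statement; the username is bound, never
 *    concatenated into the SQL text (the original was injectable);
 *  - the password is compared in PHP with constant-time functions;
 *  - the session id is regenerated on success (session fixation), and
 *    `user_name` is stored only once the privilege level is a known one;
 *  - database errors go to the server log instead of the response.
 */
session_start();
require("p_db_connection.php");

// NOTE(review): the original ran the query on $conn but checked errors on
// $con. $conn is assumed to be the handle created by p_db_connection.php;
// confirm against that file.

// Reject missing fields and non-string input (e.g. username[]=x) up front.
$username = (isset($_POST['username']) && is_string($_POST['username'])) ? $_POST['username'] : '';
$password = (isset($_POST['password']) && is_string($_POST['password'])) ? $_POST['password'] : '';

// Landing page for each privilege level the application knows about.
$landingPages = array(
    'Admin'           => '../user_profile.php?login=success',
    'Reporting User'  => '../user_profile_r.php?login=success',
    'Monitoring User' => '../user_profile_m.php?login=success',
    'External User'   => '../user_profile_e.php?login=success',
);

if ($username !== '' && $password !== '') {
    $redirect = null;

    try {
        $stmt = mysqli_prepare(
            $conn,
            "SELECT user_pass, user_privileges FROM useraccount WHERE user_name = ? AND user_status = 'Activated'"
        );

        if ($stmt === false) {
            // Log the numeric code only; never echo driver errors to the client.
            error_log('login: prepare failed, errno ' . mysqli_errno($conn));
        } else {
            mysqli_stmt_bind_param($stmt, 's', $username);

            if (mysqli_stmt_execute($stmt)) {
                mysqli_stmt_bind_result($stmt, $storedHash, $privileges);

                // Stored passwords are unsalted SHA-1 hex digests, which are
                // cheap to brute-force if the table leaks (see
                // https://crackstation.net/hashing-security.htm). The legacy
                // comparison is kept so existing accounts still work;
                // password_verify() is tried first so rows migrated to
                // password_hash() are accepted too.
                // TODO: widen user_pass and re-hash on successful login.
                $legacyHash = sha1($password);

                while (mysqli_stmt_fetch($stmt)) {
                    $storedHash = (string) $storedHash;
                    $privileges = (string) $privileges;

                    $passwordOk = password_verify($password, $storedHash)
                        || hash_equals(strtolower($storedHash), $legacyHash);

                    if ($passwordOk && isset($landingPages[$privileges])) {
                        $redirect = $landingPages[$privileges];
                        break;
                    }
                }
            } else {
                error_log('login: execute failed, errno ' . mysqli_stmt_errno($stmt));
            }

            mysqli_stmt_close($stmt);
        }
    } catch (mysqli_sql_exception $e) {
        // Raised when mysqli error reporting is in exception mode.
        error_log('login: database error, code ' . $e->getCode());
    }

    if ($redirect !== null) {
        // Issue a fresh session id so an id set before authentication cannot
        // be reused for the authenticated session.
        session_regenerate_id(true);
        $_SESSION['user_name'] = $username;
        header("Location: " . $redirect);
        exit;
    }
}

// Same message for every failure: empty fields, unknown user, wrong
// password, inactive account, unknown privilege level, database error.
$_SESSION['error_login'] = "Your username and password did not match in our system.";
header("Location: ../login.php?error=didnotmatch");
exit;
?>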