Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- <?php
- /**
- * auth.php
- */
- require_once ("conf/connect.php");
- session_start();
- if (mysqli_connect_errno()) {
- print "Error connecting to db :" . mysqli_connect_errno();
- }
- $sql_stmt = "SELECT *,sponsor_id FROM system_user WHERE username='" . $_POST['username'] . "'AND password='" . $_POST['password'] . "'AND type='" . $_POST['correct'] . "'";
- $rs = mysqli_query($db_connect, $sql_stmt);
- $row = mysqli_fetch_array($rs);
- // close connection
- mysqli_close($db_connect);
- if ((mysqli_num_rows($rs) > 0) && ($_POST['correct'] == "1")) {
- $_SESSION['authenticated'] = TRUE;
- $_SESSION['username'] = $_POST['username'];
- // time log
- header('Location:admin/manage_user/log.php?user="' . $_POST['username'] . '"&hey="' . $_POST['password'] . '"&test3="' . $_POST['correct'] . '"');
- exit;
- }
- elseif ((mysqli_num_rows($rs) > 0) && ($_POST['correct'] == "2")) {
- $_SESSION['authenticated'] = TRUE;
- $_SESSION['username'] = $_POST['username'];
- // time log
- header('Location:staff/log.php?userid="' . $row['id'] . '"');
- exit;
- }
- elseif ((mysqli_num_rows($rs) > 0) && ($_POST['correct'] == "3")) {
- $_SESSION['authenticated'] = TRUE;
- $_SESSION['username'] = $_POST['username'];
- // time log
- header('Location:sponsor/log.php?userid="' . $row['id'] . '"');
- exit;
- }
- else {
- // not authenticated
- // redirect users to index.php (login page)
- $_SESSION['err'] = "Invalid Username and Password";
- header('Location:index.html');
- exit;
- }
- /**** end of file authenticate.php **/
Add Comment
Please, Sign In to add comment