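<?php
// Login handler.
//
// Reads the submitted username and password, looks the user up with a
// prepared statement, verifies the password against the stored crypt()-style
// hash and redirects to $success_page on success or $error_page otherwise.
//
// Expected to be defined before this file runs (not visible here, presumably
// an included config): $host, $db_user, $db_password, $databaseName,
// $error_page, $success_page. session_start() must also already have been
// called for the $_SESSION write below to persist — TODO confirm in the include.

// $_REQUEST merges GET, POST and cookie data, so credentials may arrive in a
// query string (and therefore in access logs); a login form should read $_POST.
$username = isset($_REQUEST['username']) && is_scalar($_REQUEST['username'])
    ? (string) $_REQUEST['username'] : '';
$password = isset($_REQUEST['password']) && is_scalar($_REQUEST['password'])
    ? (string) $_REQUEST['password'] : '';

// mysqli replaces the mysql_* extension (removed in PHP 7). The bound
// parameter makes the string-built query, and the escaping helper, unnecessary.
$link = mysqli_connect($host, $db_user, $db_password, $databaseName);
if (!$link) {
    // Keep the driver's message in the server log rather than in the response.
    error_log('Could not connect: ' . mysqli_connect_error());
    die('Could not connect');
}

$stmt = mysqli_prepare($link, 'SELECT password FROM users WHERE username = ? LIMIT 1');
if (!$stmt || !mysqli_stmt_bind_param($stmt, 's', $username) || !mysqli_stmt_execute($stmt)) {
    error_log('Querying database failed: ' . mysqli_error($link));
    mysqli_close($link);
    die('Querying database failed');
}
$storedHash = null;
mysqli_stmt_bind_result($stmt, $storedHash);
$found = mysqli_stmt_fetch($stmt); // true = row, null = no row, false = error
mysqli_stmt_close($stmt);
mysqli_close($link);

if ($found !== true) {
    // Username not found in database
    header('Location: ' . $error_page);
    exit;
}

// password_verify() re-runs crypt() with the stored hash as its salt and
// compares in constant time. The original crypt($password) call had no salt,
// so it generated a fresh random salt and could never equal the stored value
// (the line also had an unbalanced parenthesis and would not parse).
if (is_string($storedHash) && $storedHash !== '' && password_verify($password, $storedHash)) {
    $_SESSION['username'] = $username;
    header('Location: ' . $success_page);
    exit;
}

// Wrong password: the original fell through silently. Respond exactly as for
// an unknown user so the response does not reveal which of the two failed.
header('Location: ' . $error_page);
exit;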
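/**
 * Legacy input-cleaning helper for the mysql_* extension.
 *
 * With $is_sql true the value is escaped with mysql_real_escape_string(),
 * which needs an open mysql_* connection (without one it yields false / an
 * empty string) and no longer exists in PHP 7+; a prepared statement with a
 * bound parameter is the replacement, after which this helper is not needed
 * for SQL at all. With $is_sql false the value is HTML-encoded instead, which
 * only suits HTML output — escape per context at the point of output, not on
 * input.
 *
 * @param mixed $q      Raw request value; non-scalars (e.g. arrays) become "".
 * @param bool  $is_sql Escape for SQL (true) or for HTML (false).
 * @return string
 */
function sterilize($q, $is_sql = true)
{
    // Start from the input itself: the previous version only assigned $input
    // on the HTML path, so the SQL path escaped an undefined (empty) value.
    $input = is_scalar($q) ? (string) $q : '';
    // Undo magic_quotes before any other processing (function removed in PHP 8).
    if (function_exists('get_magic_quotes_gpc') && get_magic_quotes_gpc()) {
        $input = stripslashes($input);
    }
    if ($is_sql) {
        $input = mysql_real_escape_string($input);
    } else {
        $input = htmlentities($input, ENT_QUOTES);
    }
    return strip_tags($input);
}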
- ?>