Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- /**
- * If user trying to log in
- * into admin panel
- */
- if ($_SERVER['REQUEST_METHOD'] == 'POST'
- && $_POST['submit'] == 'Prisijungti'
- && !empty ($_POST['username'])
- && !empty ($_POST['password'])) {
- // include neccesary files
- include_once '../inc/db.inc.php';
- // database connection
- $db = new PDO(DB_INFO, DB_USER, DB_PASS);
- $sql = "SELECT COUNT(*) as num_users
- FROM users
- WHERE username = ? AND password = ?";
- $stmt = $db->prepare($sql);
- $stmt->execute(array(
- mysql_real_escape_string($_POST['username']),
- mysql_real_escape_string(md5($_POST['password']))
- ));
- $response = $stmt->fetch();
- $stmt->closeCursor();
- if ($response['num_users'] > 0) {
- /**
- * if logged in succesfully redirect user to the admin panel
- * also create a session
- */
- $_SESSION['loggedIn'] = TRUE;
- $_SESSION['username'] = mysql_escape_string($_POST['username']);
- $_SESSION['lastLogin'] = date();
- header('Location: ../admin/admin.php');
- } else {
- /**
- * destroy the session
- * and print out the error message
- */
- session_unset();
- session_destroy();
- echo '<p class="error">Something wrong with your login information. Please <a href="../admin">try</a> again</a>';
- }
- }
Add Comment
Please, Sign In to add comment
