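<?php
/**
 * Login handler: checks username + password + secret PIN submitted by POST
 * and, on success, populates the session and redirects to profile.php.
 *
 * On failure $strError holds a message for the page that follows this block.
 * Database failures fail closed (they are reported as an invalid login).
 */
include 'config.php';
session_start();

$strError = '';
$mysql = mysqli_connect($strDBHost, $strDBUser, $strDBPass, $strDBName);

if (isset($_POST['submit'])) {
    // Accept only plain strings: a crafted request can send arrays
    // (username[]=x), which would otherwise reach md5()/bind_param().
    $strName = (isset($_POST['username']) && is_string($_POST['username'])) ? $_POST['username'] : '';
    $strPass = (isset($_POST['password']) && is_string($_POST['password'])) ? $_POST['password'] : '';
    $intPin = (isset($_POST['spin']) && is_string($_POST['spin'])) ? $_POST['spin'] : '';

    // Compare against '' instead of empty(): empty('0') is true, so a
    // legitimate value of "0" would be rejected as missing.
    if ($strName === '' || $strPass === '' || $intPin === '') {
        $strError = 'Please fill in all the information';
    } elseif (!($mysql instanceof mysqli)) {
        // Connection failed (non-exception mode); do not expose details.
        $strError = 'Login is temporarily unavailable';
    } else {
        // No mysqli_real_escape_string()/addslashes() here: the values are
        // bound as parameters, and escaping them first corrupts any input
        // containing quotes or backslashes (including the password before
        // it is hashed).
        // NOTE(review): if the registration code hashed an escaped copy of
        // the password, affected accounts will need a password reset.

        // SECURITY: unsalted md5 is not a password hash. It is kept only
        // because the stored values appear to be md5; migrate the column to
        // password_hash() / password_verify().
        $strPass = md5($strPass);

        // One query with named columns, so bind_result() can be used and
        // the code does not depend on mysqli_stmt::get_result().
        $arrInfo = null;
        $resQuery = $mysql->prepare(
            'SELECT ID, spin, isStaff, isAdmin FROM users WHERE username = ? AND password = ?'
        );
        if ($resQuery !== false) {
            // Two placeholders need two type characters ("ss").
            // store_result() must run before num_rows is meaningful.
            if ($resQuery->bind_param('ss', $strName, $strPass)
                && $resQuery->execute()
                && $resQuery->store_result()
                && $resQuery->num_rows === 1
            ) {
                $resQuery->bind_result($intId, $strStoredPin, $blnStaff, $blnAdmin);
                if ($resQuery->fetch() === true) {
                    $arrInfo = [
                        'ID' => $intId,
                        'spin' => $strStoredPin,
                        'isStaff' => $blnStaff,
                        'isAdmin' => $blnAdmin,
                    ];
                }
            }
            $resQuery->close();
        }

        if ($arrInfo !== null) {
            // Strict, constant-time comparison: loose == treats numeric
            // strings such as "0123" and "123" as equal.
            // NOTE(review): the PIN appears to be stored in plaintext; it
            // should be hashed like a password.
            if (hash_equals((string) $arrInfo['spin'], $intPin)) {
                // New session id on privilege change prevents session fixation.
                session_regenerate_id(true);
                $_SESSION['login_user'] = $strName;
                $_SESSION['ID'] = $arrInfo['ID'];
                $_SESSION['isStaff'] = $arrInfo['isStaff'];
                $_SESSION['isAdmin'] = $arrInfo['isAdmin'];
                header('location: profile.php');
                // Stop here so nothing after the redirect header is executed.
                exit;
            } else {
                // NOTE(review): this message confirms that the password was
                // correct, and no attempt throttling is visible in this file;
                // consider one generic failure message plus rate limiting.
                $strError = 'Secret pin is invalid';
            }
        } else {
            $strError = 'Username or Password is invalid';
        }
    }
}
?>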