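<?php
/**
 * Login handler.
 *
 * Reads `uname` and `pword` from the POST body, looks the user up in
 * tbl_users, enforces a per-account retry limit and, on success, stores the
 * user's id and username in the session before redirecting to home.php.
 * Every failure path stores a message in $_SESSION['errmsg'] and redirects
 * back to login.php.
 *
 * NOTE(review): this file relies on the legacy mysql_* extension through
 * inc/mysql_connection.php, which is not visible here. The extension was
 * removed in PHP 7; moving the connection to PDO or mysqli with prepared
 * statements is the durable fix for the query handling below.
 */
session_start();
require_once('./inc/mysql_connection.php');

// Reject missing fields and non-string values (e.g. `uname[]=x` arrives as an
// array). The original sent a malformed 'localhost:' header here, so the
// redirect never happened.
if (!isset($_POST['uname'], $_POST['pword'])
    || !is_string($_POST['uname'])
    || !is_string($_POST['pword'])
) {
    header('Location: login.php');
    exit;
}

$username = $_POST['uname'];
$password = $_POST['pword'];
$max = 5; // failed attempts allowed before the account is locked

// The username is attacker-controlled: escape it before it is placed inside
// the quoted SQL literal. The original interpolated it unescaped.
$safeUsername = mysql_real_escape_string($username);
$result = mysql_query("SELECT * FROM tbl_users WHERE username='" . $safeUsername . "'");

if (!$result) {
    // Keep database error details in the server log rather than in the
    // response, where they would describe the schema to an anonymous client.
    error_log('login: user lookup failed: ' . mysql_error());
    die('Login is temporarily unavailable.');
}

// NOTE(review): the three distinct failure messages below tell the client
// whether a username exists and whether it is locked; consider a single
// generic message if username enumeration matters for this application.
if (mysql_num_rows($result) != 1) {
    $_SESSION['errmsg'] = "User does not exist!";
    header('Location: login.php');
    exit;
}

$row = mysql_fetch_array($result);
$retries = (int) $row['retries'];

if ($retries >= $max) {
    $_SESSION['errmsg'] = "Account Locked!<br /> Maximum retries has been reached!";
    header('Location: login.php');
    exit;
}

// Strict comparison: with `==`, two numeric-looking strings such as
// "0e1234" and "0e5678" compare as equal numbers.
// NOTE(review): this compares against the stored `pwd` column as-is, which
// implies plaintext storage. Store password_hash() output and check it with
// password_verify() instead; that needs a data migration outside this file.
if ((string) $row['pwd'] !== $password) {
    // Count the failure against the account that was actually targeted; the
    // original always updated the row for 'admin'.
    mysql_query("UPDATE tbl_users SET retries = retries + 1 WHERE username = '" . $safeUsername . "'");
    $_SESSION['errmsg'] = "Incorrect Password! <br /> Retries left: " . ($max - ($retries + 1));
    header('Location: login.php');
    exit;
}

// Credentials verified. Only now is the session marked as logged in: the
// original set loginID and username before checking the password, so a wrong
// password still left an authenticated-looking session behind.
mysql_query("UPDATE tbl_users SET retries = 0 WHERE username = '" . $safeUsername . "'");
session_regenerate_id(true); // new id on privilege change, old session data removed
$_SESSION['loginID'] = $row['id'];
$_SESSION['username'] = $row['username'];
header('Location: home.php');
exit; // stop here so nothing further runs after the redirect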