- <?php
// Resume the visitor's session (or start a new one) so that validation
// messages and the login state survive the redirects issued further down.
// Session data is kept server-side and lasts until the session expires or is
// destroyed; it is not discarded when a single page finishes.
session_start();

// Load the script that opens the MySQL connection used by the mysql_* calls
// in this file.
// NOTE(review): connection.php is not shown; confirm it sets the connection
// character set with mysql_set_charset(), since the escaping done by clean()
// depends on it.
require_once 'connection.php';

// Set to true as soon as any input check fails.
$errflag = false;

// Collects the validation messages shown on the login form after a redirect.
$errmsg_arr = array();
/**
 * Prepare a form value for use inside a quoted SQL string literal.
 *
 * The value is trimmed, has magic-quotes slashes removed when that php.ini
 * setting is on, and is then escaped with mysql_real_escape_string() against
 * the currently open connection.
 *
 * Security notes:
 *  - The result is only safe between quotes ('...') in the query text. It
 *    gives no protection when placed in a numeric, identifier or keyword
 *    position.
 *  - The escaping follows the connection character set, so that character set
 *    should be set with mysql_set_charset() rather than a "SET NAMES" query.
 *  - ext/mysql was removed in PHP 7 and get_magic_quotes_gpc() in PHP 8; when
 *    this code is migrated, prepared statements (PDO or mysqli) replace this
 *    helper entirely.
 *
 * @param mixed $str Raw value received from the form.
 * @return string|false Escaped string, or false if escaping failed.
 */
function clean($str) {
    // @ hides the warning trim() raises for non-string input such as arrays.
    $value = @trim($str);

    // With magic quotes on, PHP has already added slashes to request data;
    // strip them so the value is not escaped twice.
    $value = get_magic_quotes_gpc() ? stripslashes($value) : $value;

    return mysql_real_escape_string($value);
}
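// Read the submitted credentials. A field that is absent or is not a plain
// string (for example an array sent as "username[]=") is treated as empty, so
// the checks below report it instead of PHP raising notices. clean() escapes
// the values for use inside the quoted literals of the query.
$username = clean((isset($_POST['username']) && is_string($_POST['username'])) ? $_POST['username'] : '');
$password = clean((isset($_POST['password']) && is_string($_POST['password'])) ? $_POST['password'] : '');

// Input validation. The loose comparison is deliberate: clean() returns false
// when escaping fails, and false == '' is true, so that case is rejected too.
if ($username == '') {
    $errmsg_arr[] = 'Username missing';
    $errflag = true;
}
if ($password == '') {
    $errmsg_arr[] = 'Password missing';
    $errflag = true;
}

// On any validation error, hand the messages to the login form through the
// session and redirect back to it (Location response header).
if ($errflag) {
    $_SESSION['ERRMSG_ARR'] = $errmsg_arr;
    session_write_close();
    header("location: index.php");
    exit();
}

// Look the member up by username and password.
// NOTE(review): the password is compared as stored text, which implies the
// member table holds plaintext passwords. The usual fix is to store
// password_hash() output, select the row by username only and check it with
// password_verify(); that needs a schema and data migration outside this file.
// NOTE(review): the query is built by string interpolation and relies on
// clean() plus the surrounding quotes; prepared statements remove that
// dependency once the code moves off ext/mysql.
$qry = "SELECT * FROM member WHERE username='$username' AND password='$password'";
$result = mysql_query($qry);

// mysql_query() returns false when the statement could not be executed. The
// message stays generic so that no database detail reaches the client.
if (!$result) {
    die("Query failed");
}

// A matching row means the credentials were accepted. Exactly one row is
// expected; more than one would point to duplicate accounts.
if (mysql_num_rows($result) > 0) {
    // Issue a fresh session id and delete the old session, so an id that was
    // known before login (session fixation) is useless afterwards.
    session_regenerate_id(true);

    // Fetch the matching row as an associative array keyed by column name.
    $member = mysql_fetch_assoc($result);

    $_SESSION['SESS_MEMBER_ID'] = $member['mem_id'];
    $_SESSION['SESS_FIRST_NAME'] = $member['username'];
    // NOTE(review): this copies the account password into the session under a
    // "last name" key. It is kept only because other pages may read the key;
    // no page should need the password, so drop this line once the readers of
    // SESS_LAST_NAME have been checked.
    $_SESSION['SESS_LAST_NAME'] = $member['password'];

    session_write_close();
    header("location: home.php");
    exit();
}

// No matching row. The same message is used whether the username or the
// password was wrong, so the response does not reveal which accounts exist.
$errmsg_arr[] = 'user name and password not found';
$errflag = true;
$_SESSION['ERRMSG_ARR'] = $errmsg_arr;
session_write_close();
header("location: index.php");
exit();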
- ?>