  1. <html>
  2. <body>
  3.  <?php error_reporting(-1); ini_set('display_errors', 'on'); ?>
  4. <?php
  5. session_start();
  6.  
  7.            
  8. //Declare username and password variable from login form
  9. $username = $_POST['username'];
  10. $password = $_POST['password'];
  11.  
  12. //Define mySQL server login information
  13. //$dbhost = 'localhost';
  14. //$dbname = 'basiclogin';
  15. //$dbuser = 'root';
  16. //$dbpass = 'Password@1'; //not really
  17.  
  18.  
  19.  
  20.  
  21. //Connection variable
  22. //$conn = mysql_connect($dbhost, $dbuser, $dbpass); OLD MYSQL WAY
  23.  
  24.  
  25.  
  26. //NEW PDO WAY
  27. $conn = new PDO('mysql:host=localhost;dbname=basiclogin', 'root', 'Password@1');
  28.  
  29. /*try {
  30.     //connect as appropriate as above
  31.     $conn->query('hi'); //invalid query!
  32. } catch(PDOException $ex) {
  33.     echo "An Error occured!"; //user friendly message
  34.     some_logging_function($ex->getMessage());
  35. }*/
  36.  
  37. //Begin using database
  38. //mysql_select_db($dbname, $conn);
  39.  
  40. //SQL injection protection
  41. //$username = mysql_real_escape_string($username);
  42.  
  43. //Define the query to be used by mySQL
  44. $query = "SELECT password, salt
  45.        FROM users
  46.        WHERE username = '$username';";
  47.  
  48. //Define the query to be used by mySQL
  49. $query2 = "SELECT username
  50.        FROM users
  51.        WHERE username = '$username';";
  52.  
  53. //Define the query to be used by mySQL
  54. $query3 = "SELECT authlevel
  55.        FROM users
  56.        WHERE username = '$username';";
  57.  
  58.  
  59. //Die if connection is bad
  60. if (!mysql_query($query,$conn))
  61.  {
  62.   die('Error: ' . mysql_error());
  63.   }
  64.  
  65.  
  66. //Set $result equal to the username
  67. $result = mysql_query($query);
  68. if(mysql_num_rows($result) < 1) //no such user exists
  69. {
  70.     //Return the user to the login page
  71.     header('Location: login.php');
  72. }
  73.  
  74. //Set $result equal to the username
  75. $result2 = mysql_query($query2);
  76. if(mysql_num_rows($result) < 1) //no such user exists
  77. {
  78.     //Return the user to the login page
  79.     header('Location: login.php');
  80. }
  81.  
  82.  
  83. //Set $result equal to the username
  84. $result3 = mysql_query($query3);
  85. if(mysql_num_rows($result) < 1) //no such user exists
  86. {
  87.     //Return the user to the login page
  88.     header('Location: login.php');
  89. }
  90.  
  91.  
  92.  
  93. $userData = mysql_fetch_array($result, MYSQL_ASSOC);
  94. $userData2 = mysql_fetch_array($result2, MYSQL_ASSOC);
  95. $userData3 = mysql_fetch_array($result3, MYSQL_ASSOC);
  96. $hash = hash('sha256', $userData['salt'] . hash('sha256', $password) );
  97.  
  98. if($hash != $userData['password']) //incorrect password
  99. {
  100.     //Return the user to the login page
  101.     header('Location: login.php');
  102.  
  103. }
  104.  
  105. else
  106. {
  107. //Login Successful
  108.            
  109.                      
  110.             $_SESSION['authlevel'] = $userData3['authlevel'];
  111.             $_SESSION['is_logged_in'] = true;
  112.             $_SESSION['member_name'] = $userData2['username'];
  113.             header("location: welcome.php");
  114.                
  115.            
  116. }
  117. ?>
  118.  
  119.  
  120. </body>
  121. </html>