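<?php
/**
 * Login form handler.
 *
 * Reads `username` and `password` from the POST body, looks the account up in
 * the `users` table and compares the stored value against
 * sha256(salt . sha256(password)). On success it populates the session
 * (`authlevel`, `is_logged_in`, `member_name`) and redirects to welcome.php;
 * on any failure it redirects back to login.php.
 *
 * No markup is emitted by this file: every path ends in a redirect, and any
 * output sent before header()/session_start() would stop the headers from
 * being delivered.
 */

// Report every problem, but to the server log rather than to the browser:
// on a login endpoint, displayed errors can expose queries, paths and
// connection details to whoever is submitting the form.
error_reporting(-1);
ini_set('display_errors', '0');
ini_set('log_errors', '1');

session_start();

/**
 * Send a redirect and stop the script.
 *
 * header() alone does not end execution, so without the exit the code after a
 * "failed login" redirect would still run.
 *
 * @param string $target Relative URL to redirect to.
 */
function redirectAndExit($target)
{
    header('Location: ' . $target);
    exit;
}

// Accept only plain string fields; a missing field or an array-valued field
// is treated as an empty credential.
$username = (isset($_POST['username']) && is_string($_POST['username'])) ? $_POST['username'] : '';
$password = (isset($_POST['password']) && is_string($_POST['password'])) ? $_POST['password'] : '';

if ($username === '' || $password === '') {
    redirectAndExit('login.php');
}

try {
    // NOTE(security): the credentials are hard-coded and the account is
    // `root`. Load them from configuration kept outside the web root /
    // version control, and connect with an account limited to SELECT on
    // `users`.
    $conn = new PDO('mysql:host=localhost;dbname=basiclogin', 'root', 'Password@1', [
        PDO::ATTR_ERRMODE            => PDO::ERRMODE_EXCEPTION,
        PDO::ATTR_EMULATE_PREPARES   => false,
        PDO::ATTR_DEFAULT_FETCH_MODE => PDO::FETCH_ASSOC,
    ]);

    // One parameterized query replaces the three string-built ones: the
    // username is bound as data and never becomes part of the SQL text.
    $stmt = $conn->prepare(
        'SELECT username, password, salt, authlevel
           FROM users
          WHERE username = ?'
    );
    $stmt->execute([$username]);
    $userData = $stmt->fetch();
} catch (PDOException $ex) {
    // Keep the detail in the log; the client only gets a generic message.
    error_log('Login database error: ' . $ex->getMessage());
    http_response_code(500);
    exit('An error occurred. Please try again later.');
}

// No such user: same outcome as a wrong password.
if ($userData === false) {
    redirectAndExit('login.php');
}

// The stored format is kept so existing rows still verify.
// NOTE(security): salted SHA-256 is a fast hash and a weak choice for
// password storage; migrating to password_hash()/password_verify() needs a
// schema and data change outside this file.
$hash = hash('sha256', $userData['salt'] . hash('sha256', $password));

// hash_equals() compares in constant time and as strings, avoiding both the
// timing side channel and the type juggling of a loose `!=`.
if (!hash_equals((string) $userData['password'], $hash)) {
    redirectAndExit('login.php');
}

// Login successful: issue a fresh session id so an id that was set before
// authentication cannot be reused afterwards (session fixation).
session_regenerate_id(true);

$_SESSION['authlevel']    = $userData['authlevel'];
$_SESSION['is_logged_in'] = true;
$_SESSION['member_name']  = $userData['username'];

redirectAndExit('welcome.php');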