Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- mysql query
- ALTER TABLE table ADD COLUMN session_id varchar(512)
- Checklogin.php (the page the post form sends you too from Login.php)
- <?php
- session_start();
- $username = stripslashes(mysql_real_escape_string($_POST['username']));
- $password = stripslashes(mysql_real_escape_string($_POST['password']));
- $password = hash(sha512, $password); // I suggest hashing with sha512 to keep passwords safe! :)
- $mysql_query = mysql_query("SELECT * FROM table WHERE username = '" . $username . "' AND password = '" . $password . "' ");
- $count = mysql_num_rows($mysql_query);
- if ($count == '1') {
- $session_id = hash(sha512, rand());
- $_SESSION['session_id'] = $session_id;
- $_SESSION['username'] = $username;
- $_SESSION['password'] = $password;
- $intodb = mysql_query("UPDATE table SET session_id = '" . $session_id . "' WHERE username = '" . $username . "' AND password = '" . $password . "' ");
- header('Location: LoggedIn.php');
- }
- else {
- session_destroy();
- header('Location: Login.php');
- }
- ?>
- LoggedIn.php
- <?php
- session_start();
- $session_id = $_SESSION['session_id'];
- $username = $_SESSION['username'];
- $password = $_SESSION['password'];
- $mysql_query = mysql_query("SELECT * FROM table WHERE username = '" . $username . "' AND password = '" . $password . "' ");
- $mysql_output = mysql_fetch_array($mysql_query);
- $session_id_db = $mysql_output['session_id'];
- if ((isset($session_id)) && (isset($session_id_db)) && ($session_id == $session_id_db)) {
- // logged in, output your data here.
- }
- else {
- header('Location: login.php');
- }
- ?>
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement