Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- <?php
- session_start();
- if(isset($_POST['submit'])){
- $user = $_POST['username'];
- $pwrd = $_POST['pwrd'];
- //include database connection
- include('includes/db_connect.php');
- if(empty($user) || empty($pwrd)){
- echo 'Nada informado';
- }else{
- //prevenção de sql injection
- $user = strip_tags($user);
- $user = $db->real_escape_string($user);
- $pwrd = strip_tags($pwrd);
- $pwrd = $db->real_escape_string($pwrd);
- $pwrd = md5($pwrd);
- $query = $db-> query("SELECT user_id, username FROM user WHERE username='$user' AND password='$pwrd'");
- //echo $query->num_rows; ver se tem algo no banco
- if($query->num_rows === 1){
- while($row = $query->fetch_object()){
- $_SESSION['user_id'] = $row->user_id;
- }
- header('Location: admin/index.php');
- exit();
- }else{
- echo 'Nada informado';
- }
- }
- }
- ?>
- <?php
- include('../includes/db_connect.php');
- $query = $db-> query("SELECT user_id, username FROM user WHERE username='$user'");
- echo 'bem vindo: $ não sei o que colocar aqui';
- ?>
- <?php
- session_start();
- echo "bem vindo: ".$_SESSION['username'];
- ?>
- $_SESSION['username'] = $row->username;
- if($query->num_rows === 1)//se o resultado da query === 1...execute
- if($query->num_rows === 1)
- { $row = $query->fetch_object();
- $_SESSION['username'] = $row->username;
- header('Location: admin/index.php');
- exit();
- }else
- { echo 'Nada informado';
- }
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement