Guest User

Untitled

a guest
May 30th, 2018
179
0
Never
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
text 1.61 KB | None | 0 0
  1. <html>
  2. <head>
  3. <title>Login Page</title>
  4. </head>
  5. <body>
  6. <form name = "login" action="Login.php" method="post">
  7. Username: <input type="text" name="username" />
  8. Password: <input type="password" name="password" />
  9. <input type ="submit" value="Login" />
  10. </form>
  11. </body>
  12. </html>
  13.  
  14.  
  15. ----------- end of html --------------
  16.  
  17.  
  18. <?php
  19.  
  20. session_start(); //must call session_start before using any $_SESSION variables
  21.  
  22. function validateUser()
  23. {
  24. session_regenerate_id (); //this is a security measure
  25. $_SESSION['valid'] = 1;
  26. $_SESSION['userid'] = $userid;
  27. echo "Validating User";
  28. }
  29.  
  30. function isLoggedIn()
  31. {
  32. if(isset($_SESSION['valid']) && $_SESSION['valid'])
  33. return true;
  34. return false;
  35. }
  36.  
  37. function logout()
  38. {
  39. $_SESSION = array(); //destroy all of the session variables
  40. session_destroy();
  41. echo "You Have Been Logged Out";
  42. }
  43.  
  44. $username = $_POST['username'];
  45. $password = $_POST['password'];
  46.  
  47. //connect to the database here
  48. $username = mysql_real_escape_string($username);
  49. $query = "SELECT password, salt
  50. FROM users
  51. WHERE username = '$username';";
  52. $result = mysql_query($query);
  53. if(mysql_num_rows($result) < 1) //no such user exists
  54. {
  55. header('Location: loginHtml.php');
  56. }
  57. $userData = mysql_fetch_array($result, MYSQL_ASSOC);
  58. $hash = hash('sha256', $userData['salt'] . hash('sha256', $password) );
  59. if($hash != $userData['password']) //incorrect password
  60. {
  61. header('Location: loginHtml.php');
  62. die();
  63. }
  64. else
  65. {
  66. validateUser(); //sets the session data for this user
  67. }
  68. //redirect to another page or display "login success" message
Add Comment
Please, Sign In to add comment