Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- <html>
- <head>
- <title>Login Page</title>
- </head>
- <body>
- <form name = "login" action="Login.php" method="post">
- Username: <input type="text" name="username" />
- Password: <input type="password" name="password" />
- <input type ="submit" value="Login" />
- </form>
- </body>
- </html>
- ----------- end of html --------------
- <?php
- session_start(); //must call session_start before using any $_SESSION variables
- function validateUser()
- {
- session_regenerate_id (); //this is a security measure
- $_SESSION['valid'] = 1;
- $_SESSION['userid'] = $userid;
- echo "Validating User";
- }
- function isLoggedIn()
- {
- if(isset($_SESSION['valid']) && $_SESSION['valid'])
- return true;
- return false;
- }
- function logout()
- {
- $_SESSION = array(); //destroy all of the session variables
- session_destroy();
- echo "You Have Been Logged Out";
- }
- $username = $_POST['username'];
- $password = $_POST['password'];
- //connect to the database here
- $username = mysql_real_escape_string($username);
- $query = "SELECT password, salt
- FROM users
- WHERE username = '$username';";
- $result = mysql_query($query);
- if(mysql_num_rows($result) < 1) //no such user exists
- {
- header('Location: loginHtml.php');
- }
- $userData = mysql_fetch_array($result, MYSQL_ASSOC);
- $hash = hash('sha256', $userData['salt'] . hash('sha256', $password) );
- if($hash != $userData['password']) //incorrect password
- {
- header('Location: loginHtml.php');
- die();
- }
- else
- {
- validateUser(); //sets the session data for this user
- }
- //redirect to another page or display "login success" message
Add Comment
Please, Sign In to add comment