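<?php
// Login handler: runs only when the login form's submit button was posted.
// Looks the account up in siw_user, and on success marks it online, fills the
// session and redirects to "./"; on any failure it redirects with an error message.
if (isset($_POST["siwloginbutton"])) {
    // Start the session and pull in the PostgreSQL connection ($pgconn).
    session_start();
    include "inc/pgsql.inc.php";

    $failureUrl = "./?msg=Falsches+Passwort+oder+Benutzername";

    // Form fields can arrive as arrays (e.g. user[]=x); accept plain strings only.
    $classidInput = (isset($_POST["classid"]) && is_string($_POST["classid"])) ? trim($_POST["classid"]) : "";
    $userInput = (isset($_POST["user"]) && is_string($_POST["user"])) ? $_POST["user"] : "";
    $passwordInput = (isset($_POST["password"]) && is_string($_POST["password"])) ? $_POST["password"] : "";

    // classid used to be spliced into the SQL unquoted, where addslashes() gives
    // no protection at all; it must be a plain non-negative integer.
    if (!ctype_digit($classidInput) || $userInput === "") {
        header("Location: " . $failureUrl);
        exit;
    }

    // The original encoded the name with htmlentities() before the lookup;
    // presumably accounts are stored in that form - confirm against the
    // registration code. addslashes() is dropped here because the value is now
    // bound as a query parameter instead of being escaped into the SQL text.
    $user = htmlentities($userInput);

    // Kept byte-compatible with the existing stored hashes.
    // NOTE(review): unsalted SHA-1 is not a password hash; migrate the stored
    // values to password_hash() / password_verify().
    $password = sha1(htmlentities(addslashes($passwordInput)));

    // Parameterized query: no request data ever becomes part of the SQL text.
    // "user" is double-quoted because an unquoted user is a reserved word in
    // PostgreSQL that evaluates to the current database role, not the column.
    $result = pg_query_params(
        $pgconn,
        'SELECT classid, "user", password, role FROM siw_user'
        . ' WHERE classid = $1 AND "user" = $2 AND password = $3',
        [$classidInput, $user, $password]
    );
    // A failed query and an empty result are both treated as a failed login.
    $row = ($result === false) ? false : pg_fetch_array($result);

    // The original compared $row["password="] (stray "="), a key that never
    // exists, so this branch could not be taken. hash_equals() compares the
    // digests in constant time.
    if (
        is_array($row)
        && $row["user"] === $user
        && hash_equals((string) $row["password"], $password)
    ) {
        // Issue a fresh session id on privilege change so an id fixed before
        // login is useless afterwards.
        session_regenerate_id(true);

        // NOTE(review): the update is keyed on the name only, while the login is
        // scoped by classid and name; confirm names are unique across classes.
        pg_query_params($pgconn, 'UPDATE siw_user SET online = 1 WHERE "user" = $1', [$user]);

        // Set session variables from the database row.
        $_SESSION["user"] = $row["user"];
        $_SESSION["login"] = true;
        $_SESSION["classid"] = $row["classid"];
        $_SESSION["role"] = $row["role"];

        // One entry per line; control characters are stripped so a crafted name
        // cannot forge extra log lines.
        // NOTE(review): make sure log/ is not served by the web server.
        $logUser = preg_replace('/[\x00-\x1F\x7F]/', '', $row["user"]);
        file_put_contents(
            "log/login.log",
            $logUser . " successfully logged-in at " . time() . PHP_EOL,
            FILE_APPEND | LOCK_EX
        );

        header("Location: ./");
        exit;
    } else {
        header("Location: " . $failureUrl);
        exit;
    }
}
?>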