- conn.php
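<?php
/**
 * conn.php - checks a login/password pair against the `users` table and
 * redirects to the portal on success.
 *
 * Input:  $_GET['login'], $_GET['pwd'] (alphanumeric only).
 * Output: a redirect (index.php when a parameter is missing,
 *         portal/index.php on success) or a short plain-text message.
 *
 * Fixes relative to the pasted version:
 *  - the "parameter missing" guard used &&, so a request carrying only one
 *    of the two parameters fell through to the undefined index;
 *  - no exit() followed the redirects, so the script kept running;
 *  - the attempt limit was read from $MAX_trial, which the config.php shown
 *    on the page never sets (it defines the constant _MAX_TENTATIVE), so the
 *    lockout comparison could never be true;
 *  - the lockout was only consulted after a wrong password, so it never
 *    stopped a correct guess; it is now enforced before the password check;
 *  - only the day-of-month was compared and the counter was never reset on a
 *    new day;
 *  - the password was concatenated into SQL without escaping, and `$` in the
 *    pattern also accepts a trailing newline;
 *  - database errors were printed to the client via die(mysql_error());
 *  - "User does not exist!" let a client tell valid logins from invalid ones.
 *
 * NOTE(review): credentials travel in the query string, so they end up in
 * access logs, browser history and Referer headers; move the form to POST
 * over HTTPS.
 * NOTE(review): the password is compared directly with the `pass` column,
 * which suggests clear-text storage; migrate to password_hash() /
 * password_verify().
 * NOTE(review): ext/mysql was removed in PHP 7; port these queries to PDO or
 * mysqli prepared statements. The legacy calls are kept here because the
 * connection set-up is not visible in this file.
 * NOTE(review): the success path only redirects and this file starts no
 * session; confirm that portal/index.php enforces its own authentication.
 */

// Both parameters are required; stop after the redirect.
if (!isset($_GET['login']) || !isset($_GET['pwd'])) {
    header('Location: index.php');
    exit();
}

$login = $_GET['login'];
$pwd = $_GET['pwd'];

// \A ... \z anchors the whole value; is_string() rejects login[]=x arrays.
$alnum = '/\A[[:alnum:]]+\z/';
if (!is_string($login) || !is_string($pwd)
    || !preg_match($alnum, $login) || !preg_match($alnum, $pwd)) {
    echo 'Only alphanumeric characters are allowed';
    exit();
}

require('config.php');

// Attempt limit from config.php; 3 mirrors the value defined there.
$maxTrials = defined('_MAX_TENTATIVE') ? (int) constant('_MAX_TENTATIVE') : 3;

// Runs a query; on failure the detail goes to the server log, not the client.
$runQuery = function ($sql) {
    $res = mysql_query($sql);
    if ($res === false) {
        error_log('conn.php: query failed: ' . mysql_error());
        echo 'Internal error';
        exit();
    }
    return $res;
};

// Escaping is defence in depth: both values are already restricted to alnum.
$userSql = "SELECT * FROM users WHERE user='" . mysql_escape_string($login) . "'";
$userRes = $runQuery($userSql);

if (mysql_num_rows($userRes) == 0) {
    // Same message as a wrong password, so logins cannot be enumerated.
    echo 'Incorrect login or password';
    exit();
}

$account = mysql_fetch_array($userRes, MYSQL_ASSOC);
$idSql = mysql_escape_string($account['id']);

// `dates` is written with NOW(); assumes 'YYYY-MM-DD HH:MM:SS' and that PHP
// and MySQL share a time zone - TODO confirm.
$lastconn = explode(' ', $account['dates']);
$attemptedToday = ($lastconn[0] === date('Y-m-d'));

// Failures from an earlier day no longer count against today's limit.
$nbr_trial = $attemptedToday ? (int) $account['nbr_connect'] : 0;

// Enforce the limit before looking at the password, and with >= so a counter
// that overshoots the limit stays locked.
if ($nbr_trial >= $maxTrials) {
    echo 'Too many connection attempts!<br/>';
    exit();
}

$authRes = $runQuery($userSql . " AND pass='" . mysql_escape_string($pwd) . "'");

if (mysql_num_rows($authRes) == 0) {
    // Wrong password: record the failed attempt.
    $nbr_trial++;
    $runQuery(
        "UPDATE users SET nbr_connect='" . $nbr_trial . "', dates=NOW()"
        . " WHERE id='" . $idSql . "'"
    );
    echo 'Incorrect login or password';
    exit();
}

// Correct password: clear the failure counter and enter the portal.
$runQuery("UPDATE users SET nbr_connect='0', dates=NOW() WHERE id='" . $idSql . "'");
header('Location: portal/index.php');
exit();
?>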
- config.php :
<?php
// config.php - settings loaded by conn.php through require('config.php').

// Maximum number of failed logins ("tentative" is French for attempt).
// NOTE(review): check that callers read this constant by name; an undefined
// variable used in its place silently disables the limit.
define('_MAX_TENTATIVE', 3);

// Database settings: name, host, user, password.
// NOTE(review): the application account is MySQL root. A dedicated account
// limited to the siht_portal schema would contain the damage of an injection.
// The password value looks redacted in the paste; keep the real one out of
// version control and public pastes.
$DB_base = 'siht_portal';
$DB_serveur = 'localhost';
$DB_utilisateur = 'root';
$DB_motdepasse = '******';
?>