Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- <?php
- // loginadmin.php
- //connect sa database
- require 'dbconnect.php';
- //check if nana ang username
- $checkuser = mysql_query("SELECT * FROM admin WHERE Username='$_POST[username]'");
- $username_exist = mysql_num_rows($checkuser);
- //add slashes to the username and md5() the password
- $user = addslashes($_POST['username']);
- $pass = $_POST['password'];
- //kung wala ng exist because wala gi enter either ang username or ang password
- if(($username_exist == 0) && (($_POST[username]==""||$_POST[username]==null)||($_POST[password]==""||$_POST[password]==null)))
- {
- header("Location: administrator.php");
- echo "Invalid Username or Password.";
- exit();
- }
- //kung wala pa ng exist sa world kana nga username
- else if($username_exist == 0)
- {
- header("Location: administrator.php");
- echo "Invalid Username or Password.";
- exit();
- }
- //yes! kung ng exist ang username, check if the password entered kay sakto ba or not
- else
- {
- $result = mysql_query("SELECT * FROM admin WHERE Username='$_POST[username]'");
- while($row = mysql_fetch_array($result))
- {
- if($row['Username'] == $_POST[username] && $row['Password'] == $_POST[password])
- {
- session_start();
- session_register('username');
- session_register('password');
- $_SESSION['username']=$user;
- $_SESSION['password']=$pass;
- //status = 1 kung admin
- $_SESSION['status']=$row['Status'];
- //adto lain page
- header( "Location: login.php" );
- }
- else
- {
- header("Location: administrator.php");
- echo "Invalid Username or Password.";
- }
- }
- }
- ?>
Add Comment
Please, Sign In to add comment