Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- if (isset($_POST['submit'])) {
- require_once $_SERVER['DOCUMENT_ROOT']."/config/config.php";
- $username = mysql_real_escape_string($_POST['username']);
- $password = mysql_real_escape_string($_POST['password']);
- if (empty($errors)) {
- $query = "SELECT id, salt FROM users WHERE username = '$username' LIMIT 1";
- $result = mysql_query($query);
- if (mysql_num_rows($result) > 0) {
- $id = mysql_result($result,0,"id");
- $salt = mysql_result($result,0,"salt");
- $password = hash_pass($password.$salt.PASSWORD_SALT);
- $query = "SELECT username, password, lang FROM users WHERE id = '$id' AND password = '$password' LIMIT 1";
- $result = mysql_query($query);
- if (mysql_num_rows($result) > 0) {
- $username = mysql_result($result,0,"username");
- $password = mysql_result($result,0,"password");
- # use first 10 of password as Session key.
- $password = substr($password, 0, 10);
- if ($_POST['remember'] == "1"){
- setcookie ('key', $password, time() + 2592000);
- setcookie ('id', $id, time() + 2592000);
- }
- session_start();
- $_SESSION['username'] = $username;
- $_SESSION['id'] = $id;
- $_SESSION['key'] = $password;
- $_SESSION['lang'] = mysql_result($result,0,"lang");
- header("Location: profile");
- } else {
- $errors[] = $incorrect_user_or_pass;
- }
- } else {
- $errors[] = $incorrect_user_or_pass;
- }
- }
- }
Add Comment
Please, Sign In to add comment