- <?php
- //Functions
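/**
 * Generate a per-user salt for the password hash.
 *
 * The original derived the salt from md5(uniqid(rand(), true)), which is
 * built from the clock and a non-cryptographic PRNG and is therefore
 * guessable. The bytes now come from a CSPRNG.
 *
 * NOTE(review): the 3-character length is kept so the value still fits
 * whatever column stores it, but 3 hex characters give only 4096 possible
 * salts. Widen the stored salt (or move to password_hash(), which manages
 * its own salt) once the schema allows it.
 *
 * @return string Three lowercase hexadecimal characters.
 */
function createSalt()
{
    // random_bytes() exists from PHP 7; fall back to OpenSSL on PHP 5.
    if (function_exists('random_bytes')) {
        $raw = random_bytes(2);
    } else {
        $raw = openssl_random_pseudo_bytes(2);
    }

    // 2 bytes encode to 4 hex characters; keep the first 3 as before.
    return substr(bin2hex($raw), 0, 3);
}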
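/**
 * End the current login: clear the session data, expire the session
 * cookie in the browser and destroy the server-side session.
 *
 * The original left the session cookie in place, so the browser kept
 * presenting the old session id after logout.
 *
 * @return void
 */
function logout()
{
    // Drop every session variable for the remainder of this request.
    $_SESSION = array();

    // Nothing more to do when no session was started.
    if (session_id() === '') {
        return;
    }

    // Expire the cookie with the same parameters it was issued with,
    // otherwise the browser will not match and remove it.
    if (ini_get('session.use_cookies') && !headers_sent()) {
        $cookie = session_get_cookie_params();
        setcookie(
            session_name(),
            '',
            time() - 42000,
            $cookie['path'],
            $cookie['domain'],
            $cookie['secure'],
            $cookie['httponly']
        );
    }

    session_destroy();
}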
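/**
 * Report whether the current session has been marked as authenticated.
 *
 * Uses !empty() so that a session without the 'valid' key (an anonymous
 * visitor) is reported as logged out without raising an undefined-index
 * notice, which the original did on every unauthenticated request.
 *
 * @return bool True when $_SESSION['valid'] is set to a truthy value.
 */
function isLoggedIn()
{
    return !empty($_SESSION['valid']);
}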
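/**
 * Mark the current session as authenticated and record who logged in.
 *
 * Fixes over the original:
 *  - $username, $userid and $level were read as locals inside the
 *    function, where they are undefined, so the session only ever
 *    received nulls. The values now come from the user row.
 *  - 'priv' and 'id' were assigned from each other's source and are now
 *    stored under the matching key.
 *  - the session id is regenerated with the old session deleted, so an
 *    id known before login cannot be reused afterwards.
 *
 * @param array|null $userData User row with 'username', 'priv' and 'id'.
 *                             When omitted, the global $userData set by
 *                             the login script is used.
 * @return void
 */
function validateUser($userData = null)
{
    if ($userData === null && isset($GLOBALS['userData'])) {
        $userData = $GLOBALS['userData'];
    }

    // Fail closed: without a user row nobody is marked as logged in.
    if (!is_array($userData)) {
        return;
    }

    // Only regenerate when a session is active; true removes the old one.
    if (session_id() !== '') {
        session_regenerate_id(true);
    }

    $_SESSION['valid'] = 1;
    $_SESSION['username'] = isset($userData['username']) ? $userData['username'] : null;
    $_SESSION['priv'] = isset($userData['priv']) ? $userData['priv'] : null;
    $_SESSION['id'] = isset($userData['id']) ? $userData['id'] : null;
}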
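// Database
// NOTE(review): the connection settings are hard-coded in a file that has
// been published. Treat this password as exposed: rotate it and load the
// settings from configuration kept outside the source tree.
$dbhost = 'localhost';
$dbname = 'devacc_dev';
$dbuser = 'devacc_dev';
$dbpass = 'welcome12';

// NOTE(review): ext/mysql was removed in PHP 7. The follow-up is mysqli or
// PDO with prepared statements, which also removes the dependence on
// escaping being done correctly for the connection character set.
$conn = mysql_connect($dbhost, $dbuser, $dbpass);
if ($conn === false || !mysql_select_db($dbname, $conn)) {
    // Same destination as a failed login; no driver error reaches the client.
    header('Location: index.php');
    die();
}

// Login request handling
session_start();

// Accept only string fields: an array-valued field (username[]=x) would
// otherwise reach the escaping and hashing calls as a non-string.
$username = (isset($_POST['username']) && is_string($_POST['username'])) ? $_POST['username'] : '';
$password = (isset($_POST['password']) && is_string($_POST['password'])) ? $_POST['password'] : '';

$username = mysql_real_escape_string($username, $conn);
$query = "SELECT * FROM users WHERE username = '$username';";
$result = mysql_query($query, $conn);

// A failed query returns false; treat it like "no such user".
if ($result === false || mysql_num_rows($result) < 1) {
    header('Location: index.php');
    die();
}

$userData = mysql_fetch_array($result, MYSQL_ASSOC);

// These were read before $userData existed in the original and were
// therefore always null; they are now taken from the fetched row.
$level = $userData['priv'];
$userid = $userData['id'];

// NOTE(review): salted double SHA-1 is a fast hash and cheap to brute-force
// offline. Migration path: password_hash()/password_verify(), re-hashing
// each account on its next successful login.
$hash = sha1($userData['salt'] . sha1($password));

// Strict, constant-time comparison where available. The original used !=,
// which compares numeric-looking strings such as "0e123" and "0e456" as
// numbers and so can accept a hash that does not match.
if (function_exists('hash_equals')) {
    $passwordOk = hash_equals((string) $userData['password'], $hash);
} else {
    $passwordOk = ($hash === $userData['password']);
}

// Unknown user and wrong password take the same redirect, so the response
// does not reveal which usernames exist.
if (!$passwordOk) {
    header('Location: index.php');
    die();
}

validateUser();
header('Location: membersonly.php');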
- ?>