Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- <?php
- mysql_connect("localhost","root","Blhbbccm4650");
- mysql_select_db("forums") or die(mysql_error());
- function antisql($dirty){
- if (get_magic_quotes_gpc()) {
- $clean = mysql_real_escape_string(stripslashes($dirty));
- }else{
- $clean = mysql_real_escape_string($dirty);
- }
- return $clean;
- }
- $username = $_POST['username'];
- $username = antisql($username);
- $password = $_POST['password'];
- $password = antisql($password);
- $salt = mysql_fetch_array(mysql_query("SELECT salt FROM user WHERE username='$username'"));
- $salt = $salt['0'];
- $hash = md5(md5($password) . $salt);
- $password_hash = mysql_fetch_array(mysql_query("SELECT password FROM user WHERE username='$username'"));
- $password_hash = $password_hash['0'];
- if($hash == $password_hash){
- echo "yes";
- $_SESSION['nulluser'] = $username;
- }
- ?>
Add Comment
Please, Sign In to add comment