Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- <?php
- define('__DESTINATION__','some_url_here');
- session_start();
- $conn_id = mysql_connect($_SERVER['DB_HOST'],$_SERVER['DB_USER'],$_SERVER['DB_PASS']);
- mysql_select_db($_SERVER['DB_NAME'],$conn_id);
- if($_SERVER['REQUEST_METHOD'] != 'POST')
- exit;
- if(empty($_POST['username']) || empty($_POST['password']))
- die('You have not entered one or more required fields.');
- $clean = array();
- $clean['username'] = mysql_real_escape_string($_POST['username']);
- $clean['password'] = mysql_real_escape_string($_POST['password']);
- $mysql = 'SELECT `member_id`,`member_username`,`member_password`,`member_salt` '.
- 'FROM `members` '.
- 'WHERE `member_username` = "'.$clean['username'].'" ';
- $q = mysql_query($mysql, $conn_id);
- $data = mysql_fetch_assoc($q);
- if(!mysql_num_rows($q))
- die('That user does not exist.');
- $password = $clean['password'].$data['member_salt'];
- $mysql .= 'AND `member_password`="'.sha1($password).'"';
- $q = mysql_query($mysql, $conn_id);
- if(!mysql_num_rows($q))
- die('Invalid username/password combination.');
- $_SESSION['userid'] = $data['member_id'];
- $_SESSION['is_auth'] = 1;
- $IP = trim($_SERVER['REMOTE_ADDR']);
- mysql_query('UPDATE `members` SET `member_ip`="'.$IP.'" WHERE `member_id`='.$_SESSION['userid']);
- //header("Location: ".__DESTINATION__);
- ?>
Add Comment
Please, Sign In to add comment