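<?php

declare(strict_types=1);

// Login gate for files under ~/confidential_info/.
//
// Request input (POST): 'username', 'password', 'filename'.
// A session that is already marked as logged in gets the requested file
// directly; otherwise the credentials are checked against the users table.

// require (not include) so the script stops if the connection script is missing,
// instead of continuing without a database.
require 'db_connection.php'; // Assumed to open the connection that mysql_query() uses below

/**
 * Return the POST field $name as a string, or '' when it is absent or not a string.
 *
 * Reading each expected field by name replaces extract($_POST), which let the
 * request create or overwrite arbitrary variables in this script's scope.
 */
function post_string(string $name): string
{
    $value = $_POST[$name] ?? '';

    return is_string($value) ? $value : '';
}

/**
 * Echo one file from ~/confidential_info/, or stop if the name is not acceptable.
 *
 * @param string $filename Bare file name taken from the request.
 */
function output_confidential_file(string $filename): void
{
    // Allowlist: a plain file name only. No path separators, no leading dot,
    // no whitespace or shell metacharacters, so the name cannot leave the
    // directory or alter the command. Widen deliberately if stored names
    // need other characters.
    if (preg_match('/\A[A-Za-z0-9][A-Za-z0-9._-]*\z/', $filename) !== 1) {
        die('Invalid file name.');
    }

    // escapeshellarg() is kept as a second layer in case the allowlist is relaxed later.
    // NOTE(review): reading the file with readfile() from an absolute, configured
    // directory would remove the shell from this path entirely.
    echo shell_exec('cat ~/confidential_info/' . escapeshellarg($filename));
}

// Start session
session_start();

$username = post_string('username');
$password = post_string('password');
$filename = post_string('filename');

// Strict comparison and ?? avoid an undefined-index notice and loose type juggling;
// this script only ever stores the string '1' in this key.
if (($_SESSION['is_logged_in'] ?? null) === '1') {
    output_confidential_file($filename);
} else {
    // Missing credentials can never be a valid login.
    if ($username === '' || $password === '') {
        die('You do not have access.');
    }

    // The values are escaped before being placed in the SQL string. The mysql_*
    // extension was removed in PHP 7; moving db_connection.php and this query to
    // PDO or mysqli prepared statements is the durable fix. Escaping is used here
    // only because the connection set up by db_connection.php is not visible.
    //
    // NOTE(review): matching the password inside the WHERE clause implies the
    // users table holds passwords in plaintext. Store password_hash() output and
    // check it with password_verify() instead.
    $query = sprintf(
        "SELECT * FROM users WHERE username = '%s' AND password = '%s';",
        mysql_real_escape_string($username),
        mysql_real_escape_string($password)
    );
    $result = mysql_query($query);

    // mysql_query() returns false on failure; treat that as a failed login.
    if ($result !== false && mysql_num_rows($result) > 0) {
        // Issue a fresh session id at the privilege change so an id that was
        // known before login is not carried into the authenticated session.
        session_regenerate_id(true);
        $_SESSION['is_logged_in'] = '1';
        output_confidential_file($filename);
    } else {
        // Login information did not match!
        die('You do not have access.');
    }
}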