Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- <?php
- // START SESSION
- session_start();
- // GRAB DATABASE DETAILS
- require('connect.php');
- // SET BASIC VARIABLES FROM FORM
- $username = $_POST['username'];
- $password = $_POST['password'];
- // PREVENT SQL INJECTION ESCAPE CHARS
- $username = mysql_real_escape_string($username);
- $password = mysql_real_escape_string($password);
- // BUILD THE QUERY
- $sql = "SELECT * FROM users WHERE username = '$username' AND password = '$password'";
- $result = mysql_query($sql) or die ( mysql_error() );
- $count = 0;
- while ($line = mysql_fetch_assoc($result)) {
- $count++;
- }
- // IF THERES A MATCH, REDIRECT TO DASHBOARD
- if ($count == 1) {
- $_SESSION['loggedIn'] = "true";
- header("Location: /reps/dashboard/");
- } else {
- $_SESSION['loggedIn'] = "false"; // OTHERWISE TELL THEM THEY'VE FAILED!
- echo "FAIL!";
- }
- ?>
Add Comment
Please, Sign In to add comment