Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- <?
- require("database.php");
- $username = $_POST["USERNAME"];
- $password = $_POST["PASSWORD"];
- // Strip the string to prevent SQL injection
- $username = stripslashes($username);
- $password = stripslashes($password);
- $_SESSION["USER"] = $username;
- $_SESSION["PASS"] = $password;
- if (!mysql_connect($myDB["Host"], $myDB["Username"], $myDB["Password"])) {
- die('Could not connect to database. Try again later.');
- }else{
- $username = mysql_real_escape_string($username);
- $password = mysql_real_escape_string($password);
- $result = mysql_query("SELECT * FROM `Users` WHERE `username` = '". $_SESSION["USER"] ."' AND `password` = '". sha1($_SESSION["PASS"] ."'"));
- if($result){
- $row = mysql_fetch_array($result);
- echo "Welcome, ". $row['username'];
- $user = $row;
- $Authed = true;
- }else{
- $Authed = false;
- if($Page["Title"] != "User Control Panel"){
- echo "<span class=\"auth\">You are not authenticated, please <a href='?page=login.php'>login</a>.</span>";
- }
- }
- }
- ?>
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement