
Untitled

a guest
Jun 4th, 2018
  1. <?php
  // Resume (or create) the PHP session; the login code further down stores
  // the admin marker in $_SESSION, so this has to run before any output.
  session_start();

  // Site configuration. Presumably this is what defines $conn (the mysqli
  // handle) and $webdbname, both of which are used below but never assigned
  // in this file - confirm against conf.php.
  include '../../configs/conf.php';
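  /**
   * Look up the numeric id of an account by its username.
   *
   * The username is bound as a statement parameter, so it is never
   * concatenated into the SQL text.
   *
   * @param string $account Username to look up.
   * @return int|null The id of the matching row, or null when no row matches
   *                  or the query could not be prepared/executed.
   */
  function GetId($account) {
    // NOTE(review): conf.php is included a second time here to bring $conn into
    // function scope. Presumably that opens an extra database connection on
    // every call; passing the existing handle in would avoid it - confirm
    // against conf.php before changing.
    include('../../configs/conf.php');

    $stmt = $conn->prepare("SELECT id FROM account WHERE username = ?");
    if ($stmt === false) {
      // prepare() returns false on failure; calling bind_param() on that
      // would be a fatal error, so report "not found" instead.
      return null;
    }

    $id = null;
    $found = false;
    $stmt->bind_param("s", $account);
    if ($stmt->execute()) {
      $stmt->bind_result($id);
      $stmt->store_result();
      $found = ($stmt->fetch() === true) && $stmt->num_rows > 0;
    }
    // Free the statement and its buffered result on every path.
    $stmt->close();

    // Explicit null rather than falling off the end of the function.
    return $found ? $id : null;
  }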
  /**
   * Build the credential digest that is compared with account.sha_pass_hash.
   *
   * Both inputs are upper-cased, joined as "USER:PASS", hashed with SHA-1 and
   * the hex digest is returned in upper case.
   *
   * NOTE(review): this is an unsalted, single-round SHA-1, and upper-casing the
   * password makes it case-insensitive. The format has to match whatever else
   * reads account.sha_pass_hash, so it cannot be strengthened from this file
   * alone; treat that column as weakly protected if the table is ever exposed.
   *
   * @param string $user Account username.
   * @param string $pass Plain-text password.
   * @return string 40-character upper-case hexadecimal digest.
   */
  function encryptsha($user,$pass) {
    $material = strtoupper($user) . ':' . strtoupper($pass);
    $digest = sha1($material);
    return strtoupper($digest);
  }
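  // ---- Admin login handler --------------------------------------------------
  // Flow: (1) check username + password digest against `account`,
  //       (2) require a row for that account in `account_access`,
  //       (3) compare the submitted admin code with accounts.admin_code in the
  //           web database, and only then mark the session as an admin session.
  //
  // NOTE(review): nothing in this file throttles or locks out repeated failed
  // attempts - confirm that something in front of this script does.
  // NOTE(review): the failure messages say which step failed, so a correct
  // password is confirmed before the admin code is known. A single generic
  // failure message would avoid that; the texts are left unchanged here.

  // Read the form fields defensively: a missing field, or a field submitted as
  // an array, must not reach strtoupper()/bind_param(). Anything that is not a
  // string is treated as empty and fails the checks below.
  $username  = (isset($_POST['username'])  && is_string($_POST['username']))  ? $_POST['username']  : '';
  $plainPass = (isset($_POST['password'])  && is_string($_POST['password']))  ? $_POST['password']  : '';
  $plainCode = (isset($_POST['admincode']) && is_string($_POST['admincode'])) ? $_POST['admincode'] : '';

  $password  = encryptsha($username, $plainPass);
  // The submitted code is upper-cased; the stored code is compared as-is.
  $admincode = strtoupper($plainCode);
  $accountId = GetId($username);

  // Step 1: username + password digest.
  $credentialsOk = false;
  $stmt = $conn->prepare("SELECT * FROM account WHERE username = ? AND sha_pass_hash = ?");
  if ($stmt !== false) {
    $stmt->bind_param("ss", $username, $password);
    $stmt->execute();
    $stmt->store_result();
    $credentialsOk = $stmt->num_rows > 0;
    $stmt->close();
  }

  if ($credentialsOk) {
    // Step 2: the account must have a row in account_access.
    // NOTE(review): $gmlevel is fetched but never compared with anything, so
    // any row counts as "administrator" whatever level it holds - confirm
    // whether a minimum level should be enforced.
    $hasAccessRow = false;
    $gmlevel = null;
    $stmt2 = $conn->prepare("SELECT gmlevel FROM account_access WHERE id = ?");
    if ($stmt2 !== false) {
      $stmt2->bind_param("i", $accountId);
      $stmt2->execute();
      $stmt2->bind_result($gmlevel);
      $stmt2->store_result();
      $stmt2->fetch();
      $hasAccessRow = $stmt2->num_rows > 0;
      $stmt2->close();
    }

    if ($hasAccessRow) {
      // Step 3: admin code, stored in the web database.
      mysqli_select_db($conn, $webdbname);
      $admincode2 = null;
      $codeRowFound = false;
      $stmt3 = $conn->prepare("SELECT admin_code FROM accounts WHERE username = ?");
      if ($stmt3 !== false) {
        $stmt3->bind_param("s", $username);
        $stmt3->execute();
        $stmt3->bind_result($admincode2);
        $stmt3->store_result();
        $codeRowFound = ($stmt3->fetch() === true);
        $stmt3->close();
      }

      // Without a row (or with a NULL/empty admin_code) the stored value is
      // empty; the old strcmp() test then accepted an empty submitted code.
      // Require a real stored code, and compare in constant time.
      $storedCode = ($codeRowFound && $admincode2 !== null) ? (string) $admincode2 : '';
      $codeMatches = $storedCode !== ''
        && $admincode !== ''
        && hash_equals($storedCode, $admincode); // hash_equals() needs PHP >= 5.6

      if ($codeMatches) {
        // Issue a fresh session id at the privilege change so an id planted
        // before login cannot be reused as an admin session.
        session_regenerate_id(true);
        $_SESSION['adminuser'] = strtoupper($username);
        echo "<div class='alert alert-success'><strong>Success!</strong> You will be logged in.</div>";
      } else {
        echo "<div class='alert alert-danger'><strong>Failed to Login!</strong> Admin Code is incorrect!</div>";
      }
    } else {
      echo "<div class='alert alert-danger'><strong>Failed to Login!</strong> You are not an Administrator!</div>";
    }
  } else {
    echo "<div class='alert alert-danger'><strong>Failed!</strong> Password is incorrect!</div>";
  }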
  60. ?>