Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- <?php
- $connection = mysqli_connect(
- "localhost",
- "root",
- "",
- "mydb"
- );
- if (mysqli_connect_errno()) {
- exit('failed to connect to the database server.');
- }
- if (!isset($_GET['auth_username']) || !isset($_GET['auth_password'])) {
- exit('you failed to provide the correct parameters.');
- }
- $username = isset($_GET['auth_username']) ? $_GET['auth_username'] : '';
- $password = isset($_GET['auth_password']) ? $_GET['auth_password'] : '';
- $commandText = "SELECT `password`,`has_subscription` FROM `a__client_accounts`";
- $whereClause = "WHERE `username` = '" . $username . "'";
- $result = $connection->query($commandText . " " . $whereClause);
- if (!$result) {
- exit('Invalid query: ' . $connection->error);
- }
- else if ($result->num_rows > 0) {
- $array = $result->fetch_array();
- if (!password_verify($password, $array['password'])) {
- exit('we found your account, but you entered the wrong password.');
- }
- else if ($array['has_subscription'] == '0') {
- exit('you authenticated, but you don't have a subscription');
- }
- else {
- exit('congratulations');
- }
- }
- else {
- echo 'no account was found with that name.';
- }
Add Comment
Please, Sign In to add comment