Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- <?
- // Check if user wants to login (GET info)
- if($_POST['script'] == 'login'){
- // That's nice, user wants to login. But lets check if user has filled in all information
- If(empty($_POST['account_username']) OR empty($_POST['account_password'])) {
- // At least one of the inputs is empty, display an error
- ?>
- <p>You need to enter both a username and a password.</p>
- <?
- } else {
- // User filled it all in!
- // Make variables save with mysql_real_escape_string and sha1
- $ip = $_SERVER['REMOTE_ADDR'];
- $online = '1';
- $referer = $_SERVER['HTTP_REFERER'];
- $username = mysql_real_escape_string($_POST['account_username']);
- $password = SHA1(mysql_real_escape_string($_POST['account_password']));
- mysql_query("SET time_zone = 'CET'");
- // Search for a combination
- $query = mysql_query("SELECT * FROM account WHERE username = '" . $username . "' AND sha_pass_hash = '" . $password . "' ") or die(mysql_error());
- session_start();
- // Save result
- list($user_id) = mysql_fetch_row($query);
- }
- // If the user_id is empty no combination was found
- if(empty($user_id)) {
- ?>
- <p>Wrong username or password.</p>
- <?
- } else {
- // Create new session, store the user id
- $_SESSION['user_id'] = "$user_id";
- $query_online = "UPDATE account SET online='$online', last_ip='$ip', last_login=NOW() WHERE username = '$username'";
- $result_online = mysql_query($query_online);
- // Redirect to userpanel.php
- $validatedate = uniqid();
- sql("UPDATE acount SET cookie_check='$validate' WHERE id=$user_id");
- setcookie('NEHI_USER', $user_id."|".$validate, time()+60*60*24*365, "/");
- print '<META HTTP-EQUIV=Refresh CONTENT="0; URL='.$referer.'">';
- }
- }
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement