Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- <?php
- /**
- * Begin our sessions via session_start()
- * Include our config file, no need for paranthesis()
- */
- session_start();
- include 'config.php';
- if ( isset( $_POST['submit'] ) )
- {
- /**
- * Clean our username from SQL injections
- */
- $username = mysql_real_escape_string( $_POST['username'] );
- /**
- * Encrypts our password with a salt for extra security instead of just
- * encrypting the pass we md5 both, never change it
- */
- $password = md5( $_POST['password'] . 'tH1s-i$-4-s8lt-f0R-xTr4h-S3cur1tZy' );
- /**
- * Create our query and check if the info is valid against the database
- */
- $query = mysql_query("SELECT * FROM `users` WHERE `username` = '$username' AND `password` = '$password'");
- /**
- * Check if the numbers of rows from our query is great than 1
- */
- if ( mysql_num_rows( $query ) > 0 )
- {
- /**
- * If so set our session info
- */
- $_SESSION['username'] = $username;
- $_SESSION['password'] = $password;
- }
- else
- {
- /**
- * Redirect our user if login has failed
- */
- header("Refresh: 0; url=index.php?page=failedlogin");
- }
- }
- /**
- * End our login page, don't end it with ?> if only PHP exists at the end
- */
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement