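if (LOGIN) {
    // Login handler: checks a posted username/password against the `authme`
    // table and, on success, records the user in the session and redirects
    // back to the requested URI. The script always exits at the end of this
    // branch, as the original did.
    $error = '';

    if (isset($_POST['login'])) {
        // Take the raw values. They are bound as statement parameters below,
        // so no SQL escaping is needed. Escaping the password before hashing
        // (as the original did) changed the bytes being hashed, so passwords
        // containing quotes or backslashes could never match the stored hash.
        // Non-string input (e.g. username[]=x) is treated as empty.
        $username = (isset($_POST['username']) && is_string($_POST['username']))
            ? strtolower($_POST['username'])
            : '';
        $password = (isset($_POST['password']) && is_string($_POST['password']))
            ? $_POST['password']
            : '';

        /**
         * Recompute a hash in the stored '$SHA$<salt>$<digest>' layout.
         *
         * The salt is taken from the third '$'-separated field of the stored
         * value; the digest is sha256(sha256(password) . salt).
         *
         * NOTE(review): salted double SHA-256 is a fast hash and cheap to
         * brute-force offline. The layout is dictated by what the `authme`
         * table already stores, so it is kept here.
         *
         * @param string $password    Plain-text password supplied by the user.
         * @param string $db_password Stored hash for the account.
         * @return string Candidate hash to compare against $db_password.
         */
        function checkPassword($password, $db_password)
        {
            $parts = explode('$', $db_password);
            // A malformed stored value yields an empty salt; the result then
            // still starts with '$SHA$' and cannot equal the malformed value.
            $salt = isset($parts[2]) ? $parts[2] : '';
            $digest = hash('sha256', hash('sha256', $password) . $salt);

            return '$SHA$' . $salt . '$' . $digest;
        }

        // Parameterized lookup: the username never becomes part of the SQL text.
        $stmt = $mysqli_server->prepare('SELECT `password` FROM `authme` WHERE username = ?');

        if ($stmt === false) {
            // Log the cause server-side; do not expose database errors to the client.
            error_log('Login lookup could not be prepared: ' . $mysqli_server->error);
            $error = '<p class="highlighted"><span>Sorry!</span> Login is temporarily unavailable.</p>';
        } else {
            $stmt->bind_param('s', $username);
            $stmt->execute();
            $stmt->store_result();

            if ($stmt->num_rows === 1) {
                $stmt->bind_result($db_password);
                $stmt->fetch();

                // Compare in PHP with a constant-time check instead of sending
                // the candidate hash back to the database in a second query.
                if (is_string($db_password)
                    && hash_equals($db_password, checkPassword($password, $db_password))
                ) {
                    // Issue a fresh session id on privilege change so a session
                    // id fixed before login is not carried into the
                    // authenticated session.
                    if (session_status() === PHP_SESSION_ACTIVE) {
                        session_regenerate_id(true);
                    }

                    $error = '<p class="highlighted"><span>Successful login.</span></p>';
                    $_SESSION['store_username'] = $username;
                    // NOTE(review): REQUEST_URI is client-supplied; a path that
                    // starts with '//' makes this a scheme-relative redirect.
                    // Confirm the routing in front of this script rejects it.
                    header('Location: ' . $_SERVER['REQUEST_URI']);
                } else {
                    $error = '<p class="highlighted"><span>Sorry!</span> Invalid password.</p>';
                }
            } else {
                // NOTE(review): distinct "Invalid username" / "Invalid password"
                // messages let a client tell which accounts exist. Consider a
                // single generic message if these are ever shown.
                $error = '<p class="highlighted"><span>Sorry!</span> Invalid username.</p>';
            }

            $stmt->close();
        }
    }

    // NOTE(review): $error is assigned above but nothing in the visible code
    // prints it before this exit.
    exit;
}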