Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- <?php
- session_start();
- $salt = 'j*Ws95V*reje^uaQP$Z@SuaNR!ymP_zfWR&*4Qe7qmNN&9J';
- $passHash = 'd64573aaa3ab9666e4d4f21a0c63e8a8011ceff5';
- // first check they if they are logging out
- // if logging in make sure its the right password
- if ($_POST['password']) {
- $_SESSION['loggedin'] = (sha1($_POST['password'] . $salt) === $passHash);
- }
- // create a db connection
- $connection = mysqli_connect('localhost', 'root', '', 'test');
- // if they are submitting a post we will insert it into a db
- if ($_POST['title']) {
- $title = htmlentities($_POST['title']);
- $content = htmlentities($_POST['content']);
- if (!$connection->query("INSERT INTO `pass_posts` (`title`, `content`) VALUES ('" . $title . "','" . $content . "')")) {
- $failed = true;
- };
- }
- ?>
- <!doctype html>
- <html lang="en">
- <head>
- <meta charset="UTF-8">
- <title>Pass Example</title>
- <link rel="stylesheet" href="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.6/css/bootstrap.min.css"
- integrity="sha384-1q8mTJOASx8j1Au+a5WDVnPi2lkFfwwEAa8hDDdjZlpLegxhjVME1fgjWPGmkzs7"
- crossorigin="anonymous">
- <link rel="stylesheet" href="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.6/css/bootstrap-theme.min.css"
- integrity="sha384-fLW2N01lMqjakBkx3l/M9EahuwpSfeNvV63J5ezn3uZzapT0u7EYsXMjQV+0En5r"
- crossorigin="anonymous">
- <script src="http://cdnjs.cloudflare.com/ajax/libs/jquery/2.1.4/jquery.js"></script>
- <script src="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.6/js/bootstrap.min.js"
- integrity="sha384-0mSbJDEHialfmuBBQP6A4Qrprq5OVfW37PRR3j5ELqxss1yVqOtnepnHVP9aJ7xS"
- crossorigin="anonymous"></script>
- </head>
- <body>
- <header>
- <h1>My Blog</h1>
- </header>
- <?php if ($_SESSION['loggedin']): ?>
- <div class="container">
- <h2>I am not so secret content</h2>
- <?php if ($failed) {
- echo '<div class="alert alert-danger">Insert failed</div>';
- } else if ($_POST['title']) {
- // if it didnt fail when posted
- echo '<div class="alert alert-success">Insert Succeeded</div>';
- }
- ?>
- <form method="post" action="php.php">
- <label for="title">title</label><br><input id="title" type="text" placeholder="Title" name="title"><br>
- <label for="content">content</label><br>
- <input id="content" type="text" placeholder="content" name="content"><br>
- <input type="submit" value="Submit">
- </form>
- </div>
- <hr>
- <?php endif; ?>
- <div class="container">
- <?php
- $results = $connection->query('SELECT * FROM `pass_posts`');
- while ($posts = $results->fetch_assoc()):
- ?>
- <div class="row">
- <h3><?php echo html_entity_decode($posts['title']); ?></h3>
- <p><?php echo html_entity_decode($posts['content']); ?></p>
- </div>
- <hr>
- <?php
- endwhile;
- ?>
- </div>
- <footer>
- <?php if ($_SESSION['loggedin']): ?>
- <a href="logout.php">Log out</a>
- <?php else: ?>
- <form method="post" action="php.php">
- <label for="username">Username</label>
- <input type="username" name="username" id="username">
- <label for="password">Password</label>
- <input type="password" name="password" id="password">
- <input type="submit" value="Log in">
- </form>
- <form method="post" action="register.php">
- <label for="username">Username</label>
- <input type="username" name="username" id="username">
- <label for="password">Password</label>
- <input type="password" name="password" id="password">
- <input type="submit" value="Log in">
- </form>
- <?php endif; ?>
- </footer>
- </body>
- </html>
- <?php
- // close connection cause we're done
- $connection->close();
- ?>
- <html>
- <head>
- </head>
- <body>
- <?php
- if (!isset($_POST['submit'])){
- ?>
- <!-- The HTML login form -->
- <form action="<?=$_SERVER['PHP_POST']?>" method="post">
- Username: <input type="text" name="username" /><br />
- Password: <input type="password" name="password" /><br />
- <input type="submit" name="submit" value="Login" />
- </form>
- <?php
- } else {
- $mysqli = mysqli_connect('localhost', 'root', '', 'php_mysql_login_system');
- # check connection
- $username = $_POST['username'];
- $password = $_POST['password'];
- $sql = "SELECT * from users WHERE username LIKE '{$username}' AND password LIKE '{$password}' LIMIT 1";
- $result = $mysqli->query($sql);
- if (!$result->num_rows == 1) {
- echo "<p>Invalid username/password combination</p>";
- } else {
- echo "<p>Logged in successfully</p>";
- // do stuffs
- }
- }
- ?>
- </body>
- </html>
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement