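<html>
<body>
<?php
require_once("Config.php");
/*
Second modification.
Please, for the love of all things nice, use tab spacing for indenting, not
regular old spaces.

Login page: shows the login form to visitors without a session ID, checks a
submitted username/password against the `login` table, stores the account's
admin flag in $_SESSION['ID'] (1 = admin, 0 = regular user) and redirects to
admin.php.

Review notes (not fixable from this file alone):
 - Passwords are stored as unsalted MD5, which is far too fast to resist
   offline guessing. Moving to password_hash()/password_verify() needs the
   stored hashes to be migrated, so the MD5 comparison is kept here.
 - The mysql_* extension is deprecated and was removed in PHP 7. The
   connection is presumably opened in Config.php, so it has to be replaced
   there (mysqli or PDO with prepared statements) together with this file.
 - $_SESSION is assumed to be started by Config.php -- TODO confirm.
*/
ob_start(); // Buffer output so header() still works after the form has been echoed.

if (!isset($_SESSION['ID'])) {
	echo '<form action="logintest.php" method="post">
Username:<input type="text" name="user" /><br />
Password:<input type="password" name="pass" /><br />
<input type="Submit" value="Login" />
</form><br />'; // One echo instead of several.
}

// Only attempt a login when the form was really submitted with plain string
// fields. Without this guard a first page view already printed the error
// message, and array-valued fields reached md5()/the escape function.
$submitted = isset($_POST['user'], $_POST['pass'])
	&& is_string($_POST['user'])
	&& is_string($_POST['pass']);

$redirect = false;

if ($submitted) {
	$user = mysql_real_escape_string($_POST['user']); // Escaped for use inside the quoted SQL literal below.
	$pass = md5($_POST['pass']); // Must match the hash format stored in the database.

	// Fetch hash and admin flag in one query; the second lookup was redundant.
	$result = mysql_query("SELECT Password, Status FROM login WHERE Username = '$user'");
	if ($result === false) {
		// A failed query is a server problem, not a missing user: log the
		// detail server-side and show nothing about the database to the client.
		error_log('Login query failed: ' . mysql_error());
		die('Login is temporarily unavailable');
	}

	$row = mysql_fetch_assoc($result);

	// Strict comparison: with == two different hashes that both look like
	// "0e<digits>" are compared as numbers and treated as equal.
	if ($row !== false && is_string($row['Password']) && $pass === $row['Password']) {
		// Issue a fresh session ID on login so an ID known before
		// authentication cannot be reused afterwards.
		if (session_id() !== '') {
			session_regenerate_id(true);
		}

		$_SESSION['ID'] = ((int) $row['Status'] === 1) ? 1 : 0;
		echo "Logged In successfully"; // You won't see this, the redirect follows.

		// Both account types are sent to admin.php, as before.
		// NOTE(review): admin.php has to check $_SESSION['ID'] === 1 itself,
		// isset() is also true for regular users -- confirm.
		$redirect = true;
	} else {
		// Same message for unknown user and wrong password, so the response
		// does not reveal which usernames exist.
		echo "Incorrect Username or password<br />";
	}
}

mysql_close($con); // This should go in a config, too. $con presumably comes from Config.php.

if ($redirect) {
	header("Location:admin.php");
	exit; // Stop here so nothing else runs or is sent after the redirect.
}
?>
</body>
</html>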