Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- ##
- ## auth(USER, PASS)
- ## -> Authenticate user
- ##
- function auth($user,$pass) {
- global $db_host, $db_user, $db_pass, $db_name;
- $IP = $_SERVER['REMOTE_ADDR'];
- ## Clean username and password for unwanted characters
- $user = purge($user);
- $pass = purge($pass);
- ## Generate MD5 hash to compare
- $pass = md5($pass);
- ## Connect to mysql
- mysql_connect($db_host,$db_user,$db_pass) or die("Unable to connect to MySQL");
- mysql_select_db($db_name) or die("Unable to select DB");
- ## Execute mysql query
- $query = sql("SELECT * FROM `users` WHERE name='$user'");
- $rows = mysql_num_rows($query);
- ## User found in DB
- if ($rows == 1) {
- ## Fetch user details
- $result = mysql_fetch_assoc($query);
- ## Compare password in DB with password entered
- if ($pass == $result['pass']) {
- ## Password matches, set session details
- $_SESSION['auth'] = "yes";
- $_SESSION['id'] = $result['id'];
- $_SESSION['user'] = $result['name'];
- $_SESSION['admin'] = $result['access'];
- ## Store last IP
- sql("UPDATE `users` SET lastIP='".$IP."' where id ='".$result['id']."';");
- ## Redirect user
- header("location: index.php");
- } else {
- ## Password doesn't match, show error msg
- $loginMsg = "<div id='loginError' class='show'>Incorrect password</div>";
- }
- ## User not found in DB
- } else {
- ## Clean session
- $_SESSION['auth'] = "no";
- $_SESSION['id'] = "";
- $_SESSION['user'] = "";
- $_SESSION['admin'] = "0";
- ## Show error message
- $loginMsg = "<div id='loginError' class='show'>Incorrect username</div>";
- }
- ## Data gather complete, close MySQL connection
- unset($query);
- mysql_close();
- return $loginMsg;
- }
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
