Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- <?
- include('../../../../httpdocs/API/dbconf.php');
- include('../../../../httpdocs/API/dbconnect.php');
- $iptriple = connect($dbconf['iptriple']);
- if (isset($_REQUEST['Username']) && isset($_REQUEST['Password'])) {
- $number = $_REQUEST['Username'];
- $password = $_REQUEST['Password'];
- mysql_real_escape_string($number);
- mysql_real_escape_string($password);
- $encryptedpass = md5($password);
- // query
- $query = "SELECT id, username, password, first_name, last_name FROM `ab_account` WHERE username IN ('$number') AND password IN('$encryptedpass');";
- $result = mysql_query($query, $iptriple) or die(mysql_error() . "There was an error with the query on line 17.");
- // check to make sure the user / pass combo is valid
- if (mysql_num_rows($result) > 0) {
- // set the resulting field array to $account
- $account = mysql_fetch_row($result);
- $number = $account['username'];
- $name = $account['first_name'] . $account['last_name'];
- print "[DATA]\r\n";
- print "Success=1\r\n";
- } else {
- print "[DATA]\r\n";
- print "Success=0\r\n";
- print "Failure=\"Your username and password do not match!\"";
- }
- $fp = fopen("log.txt", "a+");
- $data = $_GET;
- $data = "<pre>" . print_r($data, 1) . "</pre>\n";
- fwrite($fp, $data);
- fwrite($fp, "Username: " . $number . "\n");
- fwrite($fp, "Password: " . md5($password) . "\n");
- fwrite($fp, "Query: " . $query . "\n");
- //fwrite($fp, "DisplayName: " . $name . "\n");
- fclose($fp);
- } else {
- print "[DATA]\r\n";
- print "Success=0\r\n";
- print "Failure=You need to supply a username and password!";
- }
- ?>
Add Comment
Please, Sign In to add comment
