<?php session_start(); if ((!isset($_POST['login'])) || (!isset($_

1. <?php
2.  
3.     session_start();
4.  
5.     if ((!isset($_POST['login'])) || (!isset($_POST['haslo']))) {
6.         header("Location: index.php");
7.         exit();
8.     }
9.     require_once "connect.php";
10.     $connection = @new mysqli($host, $db_user, $db_password, $db_name);
11.  
12.     if ($connection->connect_errno!=0) {
13.         echo "Error: ".$connection->connect_errno;
14.     }
15.     else {
16.     $login = $_POST['login'];
17.     $pswrd = $_POST['haslo'];
18.  
19.     $login = htmlentities($login, ENT_QUOTES, "UTF-8");
20.     $pswrd = htmlentities($pswrd, ENT_QUOTES, "UTF-8");
21.  
22.     if ($result = @$connection->query(
23.         sprintf("SELECT * FROM uzytkownicy WHERE user='%s' AND pass='%s'",
24.         mysqli_real_escape_string($connection,$login),
25.         mysqli_real_escape_string($connection,$pswrd)))) {
26.         $is_usr = $result->num_rows;
27.         if($is_usr>0) {
28.             $_SESSION['logged_in'] = true;
29.  
30.             $row_name = $result->fetch_assoc();
31.             $_SESSION['id'] = $row_name['id'];
32.             $_SESSION['user'] = $row_name['user'];
33.             $_SESSION['access_rights'] = $row_name['access_rights'];
34.  
35.             unset($_SESSION['log_in_error']);
36.             $result->close();
37.             if ($_SESSION['access_rights']) {
38.                 header("Location: admin.php");
39.             }
40.             else { header("Location: application.php"); }
41.  
42.         } else {
43.             $_SESSION['log_in_error'] =  '<span style="color:red">Nieprawidłowy login lub hasło!</span>';
44.             header("Location: index.php");
45.         }
46.  
47.     }
48.  
49.     $connection->close();
50.     }
51.  
52. ?>