Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- <?php
- session_start();
- include_once("db_connect.php");
- if(isset($_POST['loginSub'])) {
- //Connect to DB
- include_once("db_connect.php");
- //Gets whatever is inside input box and prevents sql injection
- $username=strip_tags($_POST['user']);
- $password=strip_tags($_POST['password']);
- //Gets whatever is inside input box and prevents sql injection
- $username=stripslashes($username);
- $password=stripslashes($password);
- //Gets whatever is inside input box and prevents sql injection
- $username=mysqli_real_escape_string($username);
- $password=mysqli_real_escape_string($password);
- // Look in users table and filter those who have same username is the one inputed.
- $sql = "SELECT * FROM users WHERE username='$username' LIMIT 1";
- $query = mysqli_query("$db,$sql");
- $row = mysqli_fetch_array($query);
- $id = $row['id'];
- $db_password = $row['password'];
- if($password == $db_password) {
- $_SESSION['username']= $username;
- $_SESSION['id']= $id;
- //useless code doesnt work header('Location: editor.php');
- } else{
- echo "Incorrect details.Try again!";
- }
- }
- ?>
- <div id="loginform">
- <form id="login" action="loginAuth.php">
- <label for="login"><strong>Login:</strong></label>
- <input type="text"size=20 autocorrect=off autocapitalize=words name="user">
- <label for="loginPassword" name="password"> <strong>Password:</strong></label>
- <input type="password" name="Password">
- <input name="loginSub" type="submit" value="login">
- </form>
- </div>
- $username=mysqli_real_escape_string($username);
- $password=mysqli_real_escape_string($password);
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement