tmen

runnerLogin.php

Jan 7th, 2019
  1. <!doctype html>
  2. <?php
  3. //$cookie_name = "user";
  4. //$cookie_value = "value";
  5. //setcookie($cookie_name, $cookie_value, time() + 3600, "/");
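  // Start the session that carries the login state set further down this page.
  // cookie_httponly keeps the session cookie out of reach of page scripts, and
  // use_strict_mode makes PHP refuse session ids it did not issue itself.
  // NOTE(review): the doctype line is emitted before this PHP block, so without
  // output buffering the session cookie header cannot be sent; move this block to
  // the very top of the file. Also enable cookie_secure once the site is served
  // over HTTPS only.
  session_start([
      'cookie_httponly' => true,
      'use_strict_mode' => true,
  ]);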
  7. ?>
  8. <html>
  9. <head>
  10. <meta charset="utf-8">
  11. <title>Login PHP</title>
  12. </head>
  13.  
  14. <body>
  15. <h1>Login PHP</h1>
  16. <?php
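  /**
   * Undo magic_quotes_gpc escaping on a request value, when that legacy feature is active.
   *
   * Despite its name this function validates and escapes nothing: the returned value
   * is still untrusted input and must be bound as a query parameter and HTML-escaped
   * on output by the caller.
   *
   * @param mixed $data Raw request value.
   * @return mixed The value with added slashes removed, or unchanged.
   */
  function sanitize($data)
  {
      // get_magic_quotes_gpc() is deprecated since PHP 7.4 and removed in PHP 8.0,
      // where an unguarded call is a fatal error; only consult it where it exists.
      if (is_string($data) && function_exists('get_magic_quotes_gpc') && get_magic_quotes_gpc()) {
          return stripslashes($data);
      }

      return $data;
  }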
  26. //echo "number of cookies: ".count($_COOKIE);
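  // Login check: look the submitted name up in the runners table, verify the
  // password hash, then populate the session and redirect by role.

  // NOTE(review): the credentials arrive in the query string, so they end up in
  // browser history and in proxy and web-server access logs. Switch the login form
  // and this page to POST.
  $user = isset($_GET['username']) && is_string($_GET['username']) ? sanitize($_GET['username']) : '';
  $pass = isset($_GET['pwd']) && is_string($_GET['pwd']) ? sanitize($_GET['pwd']) : '';

  // NOTE(review): the database credentials are hard-coded in a file that has been
  // shared publicly. Rotate this password and load the credentials from
  // configuration kept outside the web root (or from the environment).
  $servername = "localhost";
  $username = "playground18";
  $password = "Cdz5SOVrY2p8fnWS";
  $dbname = "playground18";

  try {
      $conn = new PDO("mysql:host=$servername;dbname=$dbname", $username, $password);
      $conn->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);

      // A single parameterized lookup by name. Walking ids 1..count(*) breaks as soon
      // as the ids are not contiguous and costs three queries per row.
      $lookup = $conn->prepare(
          'SELECT id, name, password, deleted FROM `tanay_xcatt_runners` WHERE name = ? AND id > 0'
      );
      $lookup->execute([$user]);

      $account = null;
      if ($user !== '') {
          foreach ($lookup->fetchAll(PDO::FETCH_ASSOC) as $row) {
              // The name must match exactly; a substring test lets one submitted name
              // match several accounts, and an empty stored name match every login.
              // NOTE(review): the table stores unsalted SHA-1 digests. Migrate to
              // password_hash()/password_verify() and re-hash on the next successful login.
              if ($row['name'] === $user && hash_equals((string) $row['password'], sha1($pass))) {
                  $account = $row;
                  break;
              }
          }
      }

      if ($account === null) {
          // One generic message for unknown user and wrong password alike.
          echo "<h1>Incorrect Login!</h1>";
          session_destroy();
      } elseif ((int) $account['deleted'] === 1) {
          // The deleted flag is acted on only after the password has been verified,
          // so the response does not reveal account status to an unauthenticated client.
          session_destroy();
          header('Location: kick.html');
          exit;
      } else {
          // Issue a fresh session id at the privilege change (session fixation).
          // Skipped when output has already been flushed, because the new cookie
          // could not be sent.
          if (!headers_sent()) {
              session_regenerate_id(true);
          }

          echo "<h1>Success!</h1>";
          $_SESSION["status"] = "authorized";
          $_SESSION["type"] = "runner";
          $_SESSION["name"] = $user;
          $_SESSION["id"] = (int) $account['id'];

          // NOTE(review): this page has printed markup before reaching this point, so
          // the redirects below only work with output buffering enabled; move the
          // login logic above the HTML. exit stops the script once the redirect is issued.
          if ($_SESSION["id"] === 1) {
              // Row id 1 is treated as the coach account.
              $_SESSION["type"] = "coach";
              echo "this is a coach";
              header('Location: coachHome.php');
              exit;
          }

          echo "this is a runner";
          header('Location: runnerHome.php');
          exit;
      }
  } catch (PDOException $e) {
      // Driver messages can contain host, schema and query details: keep them in the
      // server log and show the client a generic message.
      error_log('runnerLogin database error: ' . $e->getMessage());
      echo "Error: login is temporarily unavailable.";
  }

  $conn = null;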
  141.  
  142.  
  143. ?>
  144. </body>
  145. </html>