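<?php
// Start the session before any output is sent. With the doctype emitted first,
// PHP can only set the session cookie (and any later Location header) when
// output buffering happens to be enabled.
//
// Harden the session cookie before starting: keep it out of reach of page
// scripts and refuse session ids that the server did not issue itself.
// NOTE(review): also enable session.cookie_secure once the site is served
// over HTTPS only; that cannot be confirmed from this file.
ini_set('session.cookie_httponly', '1');
ini_set('session.use_strict_mode', '1');
session_start();
?>
<!doctype html>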
- <html>
- <head>
- <meta charset="utf-8">
- <title>Login PHP</title>
- </head>
- <body>
- <h1>Login PHP</h1>
- <?php
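/**
 * Undo magic-quotes escaping on a request value.
 *
 * Despite its name this function performs no validation and no SQL or HTML
 * escaping: the value it returns is still untrusted input and must be bound
 * as a query parameter and escaped on output by the caller.
 *
 * @param mixed $data Raw request value.
 * @return mixed The value with magic-quotes slashes removed where that
 *               feature exists, otherwise the value unchanged.
 */
function sanitize($data)
{
    // Magic quotes were removed in PHP 5.4 and get_magic_quotes_gpc() itself
    // was removed in PHP 8.0, where calling it is a fatal error. Only consult
    // it on interpreters old enough to still apply the escaping.
    if (version_compare(PHP_VERSION, '5.4.0', '<') && get_magic_quotes_gpc()) {
        $data = stripslashes($data);
    }

    return $data;
}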
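// Login handler: look up the submitted user name, verify the password and
// populate the session before redirecting to the role-specific home page.

// Prefer POST. The GET fallback only keeps existing forms working: passwords
// carried in the query string end up in access logs, browser history and
// Referer headers, so the login form should be switched to method="post".
$rawUser = isset($_POST['username']) ? $_POST['username'] : (isset($_GET['username']) ? $_GET['username'] : '');
$rawPass = isset($_POST['pwd']) ? $_POST['pwd'] : (isset($_GET['pwd']) ? $_GET['pwd'] : '');
$user = sanitize($rawUser);
$pass = sanitize($rawPass);

// Array-valued parameters (username[]=...) are not valid credentials.
if (!is_string($user) || !is_string($pass)) {
    $user = '';
    $pass = '';
}

// NOTE(review): the database credentials are hard-coded in a web-served file.
// Treat this password as exposed: rotate it and load these values from
// configuration kept outside the document root.
$servername = "localhost";
$username = "playground18";
$password = "Cdz5SOVrY2p8fnWS";
$dbname = "playground18";

try {
    $conn = new PDO("mysql:host=$servername;dbname=$dbname", $username, $password);
    $conn->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $conn->setAttribute(PDO::ATTR_EMULATE_PREPARES, false);

    // One parameterised lookup by exact name replaces the previous scan over
    // ids 1..COUNT(*). That scan issued three queries per row, silently
    // skipped accounts when ids were not contiguous, and accepted any input
    // that merely contained a stored name as that account.
    $rows = [];
    if ($user !== '' && $pass !== '') {
        $lookup = $conn->prepare(
            "SELECT id, name, password, deleted FROM `tanay_xcatt_runners` WHERE id > 0 AND name = :name"
        );
        $lookup->execute([':name' => $user]);
        $rows = $lookup->fetchAll(PDO::FETCH_ASSOC);
    }

    foreach ($rows as $row) {
        // NOTE(review): the table stores unsalted SHA-1 digests, which are not
        // a password hash. Migrate to password_hash()/password_verify() and
        // re-hash on the next successful login. hash_equals() keeps the
        // comparison constant-time in the meantime.
        if (!hash_equals((string) $row['password'], sha1($pass))) {
            continue;
        }

        // The deleted flag is checked only after the password has been
        // verified, so the response does not reveal an account's status to
        // someone who does not know its password.
        if ((int) $row['deleted'] === 1) {
            session_destroy();
            header('Location: kick.html');
            exit;
        }

        // Issue a fresh session id on privilege change to prevent fixation.
        session_regenerate_id(true);

        $_SESSION["status"] = "authorized";
        $_SESSION["type"] = "runner";
        // Store the name from the database row, not the submitted string.
        $_SESSION["name"] = $row['name'];
        $_SESSION["id"] = (int) $row['id'];

        // Account id 1 is the coach; every other account is a runner.
        if ($_SESSION["id"] === 1) {
            $_SESSION["type"] = "coach";
            $target = 'coachHome.php';
            $label = "this is a coach";
        } else {
            $target = 'runnerHome.php';
            $label = "this is a runner";
        }

        // Send the redirect before writing any body text, then stop: without
        // exit the script keeps running after the Location header.
        // NOTE(review): header() and session_regenerate_id() still depend on
        // no output having been flushed earlier in the page.
        header('Location: ' . $target);
        echo "<h1>Success!</h1>";
        echo $label;
        exit;
    }

    // No row matched both name and password (or a field was empty).
    echo "<h1>Incorrect Login!</h1>";
    session_destroy();
}
catch (PDOException $e) {
    // Keep driver details (host, schema, SQL) in the server log, not in the page.
    error_log('Login database error: ' . $e->getMessage());
    echo "Error: login is temporarily unavailable.";
}
$conn = null;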
- ?>
- </body>
- </html>