Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- <?php
- ob_start();
- // Connect to MySQL
- $location=localhost;
- $dbusr=sj;
- $dbpass=hidden;
- $db=sj_mcwusers;
- $tbl_name=admins;
- mysql_connect("$location","$dbusr","$dbpass")or die("Failed to Connect");
- mysqL_select_db("$db")or die("Cannot select DB");
- // Get the username and password
- $preuser=$_POST['user'];
- $prepass=$_POST['pass'];
- // Sanitize input to prevent injection
- $pass = mysql_real_escape_string($prepass);
- $user = mysql_real_escape_string($preuser);
- // Does the user exist?
- $q="SELECT * FROM $tbl_name WHERE username='$user' AND password='$pass'";
- $result=mysql_query($sql);
- $numrow = mysql_numrows($result);
- if ($numrow != 1) {
- echo("Invalid username or password.");
- }
- else {
- $res = mysql_fetch_array($result);
- $_SESSION['level'] = $res['admlevel'];
- $_SESSION['id'] = $res['id'];
- $_SESSION['user'] = $res['user'];
- echo("login success");
- // End the OB
- ob_end_flush();
- ?>
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement