Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- <?php
- session_start();
- if (isset($_SESSION['username'])) {
- header("Location: index.php");
- exit;
- }
- if (isset($_GET["user"])) {
- if ($_GET["user"] == "login") {
- include('mysql.php');
- $user = mysqli_real_escape_string($mysqli, $_POST['username']);
- $pw = mysqli_real_escape_string($mysqli, $_POST['password']);
- $data = 0;
- $sql = "SELECT username FROM users WHERE username = '$user'";
- $result = mysqli_query($mysqli, $sql) or die(mysqli_error($mysqli));
- while ($row = mysqli_fetch_object($result)) {
- $data++;
- }
- if ($data != 0) {
- include('mysql.php');
- $data = 0;
- $sql = "SELECT password FROM users WHERE username = '$user'";
- $result = mysqli_query($mysqli, $sql) or die(mysqli_error($mysqli));
- while ($row = mysqli_fetch_array($result)) {
- if (password_verify($pw, $row["password"])) {
- session_start();
- $_SESSION['username'] = $user;
- header('Location: index.php');
- exit;
- } else {
- echo 'Falsche Benutzerdaten!';
- }
- }
- } else {
- echo 'Benutzer existiert nicht!';
- }
- }
- } ?>
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
