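<?php
/*
 * One-page login: renders a login form, checks the submitted credentials
 * against the `users` table, and shows a token-protected logout link once
 * a session is established.
 *
 * Requires PHP 7.0+ (random_bytes) with the mysqli extension; the mysql_*
 * functions this page originally used were removed in PHP 7.0.
 */
session_start();

/* Redirect target. SCRIPT_NAME is used instead of PHP_SELF because PHP_SELF
   also carries any client-supplied PATH_INFO appended to the script path. */
$self = $_SERVER['SCRIPT_NAME'];

/* Log the user out if requested */
if (isset($_GET['act']) && $_GET['act'] === 'logout')
{
    /* Check for CSRF. Both values must be present strings and are compared
       in constant time; a loose == would treat an empty ?token= as equal to
       a session that holds no token at all. */
    if (isset($_GET['token'], $_SESSION['token'])
        && is_string($_GET['token'])
        && is_string($_SESSION['token'])
        && hash_equals($_SESSION['token'], $_GET['token']))
    {
        /* session_destroy() removes the stored data but leaves $_SESSION
           populated for the rest of this request, so clear it explicitly. */
        $_SESSION = array();
        session_destroy();
        header("Location: " . $self);
        exit;
    }
    else
    {
        exit("Token key incorrect. Possible hacking attempt.");
    }
}

/* Check if user is already logged in */
if (!isset($_SESSION['id']))
{
    /* Check if they attempted to login */
    if (isset($_POST['submit']))
    {
        /* Treat missing or non-string fields (e.g. pass[]=x) as empty so
           they never reach the query or the hash functions as arrays. */
        $user = (isset($_POST['user']) && is_string($_POST['user'])) ? $_POST['user'] : '';
        $pass = (isset($_POST['pass']) && is_string($_POST['pass'])) ? $_POST['pass'] : '';

        $found  = false;
        $id     = null;
        $stored = null;

        /* Make mysqli throw on failure so every database error is handled
           in one place instead of surfacing as warnings in the page. */
        mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);
        try
        {
            /* Connect to the database.
               NOTE(review): the credentials are hard-coded and the account is
               root. Load them from configuration kept outside the web root
               and use an account that can only SELECT from `users`. */
            $conn = new mysqli("localhost", "root", "removedforpastebin", "one_page_login");

            /* Select user id and password from database. The username is
               bound as a parameter rather than concatenated into the SQL. */
            $stmt = $conn->prepare("SELECT `id`, `password` FROM `users` WHERE `username` = ?");
            $stmt->bind_param('s', $user);
            $stmt->execute();
            $stmt->bind_result($id, $stored);
            $found = ($stmt->fetch() === true);
            $stmt->close();
            $conn->close();
        }
        catch (mysqli_sql_exception $e)
        {
            /* Keep driver details in the server log, not in the response. */
            error_log("Login query failed: " . $e->getMessage());
            exit("Login is temporarily unavailable.");
        }

        /* Check if password is correct */
        $valid = false;
        if ($found && is_string($stored))
        {
            if (!empty(password_get_info($stored)['algo']))
            {
                /* Row already holds a password_hash() value. */
                $valid = password_verify($pass, $stored);
            }
            else
            {
                /* Legacy rows hold an unsalted SHA-1 digest. hash_equals()
                   avoids the loose-comparison case where two "0e..." digests
                   compare equal as numbers, and compares in constant time.
                   NOTE(review): unsalted SHA-1 is not suitable for password
                   storage; migrate these rows to password_hash(). */
                $valid = hash_equals($stored, sha1($pass));
            }
        }

        if ($valid)
        {
            /* Issue a fresh session id on privilege change so an id fixed
               before login cannot be reused afterwards. */
            session_regenerate_id(true);
            $_SESSION['id'] = $id;
            /* CSRF token from the CSPRNG; md5(microtime()) is guessable. */
            $_SESSION['token'] = bin2hex(random_bytes(16));
            header("Location: " . $self);
            exit;
        }
        else
        {
            /* One message for both "unknown user" and "wrong password" so
               the response text does not reveal which usernames exist. */
            echo "Invalid username or password!";
        }
    }
    else
    {
        /* Build the form */
        ?>
<form name='login' method='post' action=''>
<table>
<tr>
<td>Username</td>
<td><input type='text' name='user' value='' /></td>
</tr>
<tr>
<td>Password</td>
<td><input type='password' name='pass' value='' /></td>
</tr>
<tr>
<td colspan='2'><input type='submit' name='submit' value='Login!' /></td>
</tr>
</table>
</form>
        <?php
    }
}
else
{
    /* Encode the token for the URL, then escape the whole href for the
       HTML attribute it is written into. */
    $token = (isset($_SESSION['token']) && is_string($_SESSION['token'])) ? $_SESSION['token'] : '';
    $href  = "?act=logout&token=" . rawurlencode($token);
    echo "You are already logged in! <a href='" . htmlspecialchars($href, ENT_QUOTES, 'UTF-8') . "'>Logout?</a>";
}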