Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- <?php
- //check for required fields
- if ((!$_POST["username"]) || (!$_POST["password"])) {
- header("Location: userlogin.html");
- exit;
- }
- //connect to server and select database
- $conn = mysql_connect("localhost", "calamity", "testpass")
- or die(mysql_error());
- mysql_select_db("arcade", $conn) or die(mysql_error());
- #clean the input strings
- $user = mysql_real_escape_string($_POST['username']);
- #hash the pass, be sure to use the same hashed password when inserting
- $pass = mysql_real_escape_string(crypt($_POST['password'],'someverylongsalt'));
- $sql = "select f_name, l_name from auth_users where username = '$user' AND password = '$pass'";
- $result = mysql_query($sql,$conn) or die(mysql_error());
- //get the number of rows in the result set, should be one if match
- if (mysql_num_rows($result) == 1) {
- //if authorised get the values of f_name l_name
- $f_name = mysql_result($result, 0, 'f_name');
- $l_name = mysql_result($result, 0, 'l_name');
- //set auth cookie
- setcookie("auth", "1", 0, "/", "localhost", 0);
- //create display string
- $display_block = "<p>$f_name $l_name is authorized!</p>
- <p>Authorised Users' Menu:
- <ul>
- <li><a href=\"secretpage.php\">secret page</a>
- </ul>";
- } else {
- //redirect back to login form if not authorised
- header("Location: userlogin.html");
- exit;
- }
- ?>
- <html>
- <head>
- <title>user login</title>
- </head>
- <body>
- <? echo $display_block; ?>
- </body>
- </html>
Add Comment
Please, Sign In to add comment