
Amandeep Singh

a guest
Feb 23rd, 2016
  1. <?php
  2.  
  3. include 'db_connection.php'; // Assume this external script connects us to the database
  4.  
  5. // check and/or Start session
  6. if (session_status() == PHP_SESSION_NONE) {
  7. session_start();
  8. }
  9.  
  10. // Extract POST variables: 'username', 'password', and 'filename'
  11. extract($_POST);
  12.  
  13. // Check if user is already logged in
  14. if (isset($_SESSION['is_logged_in']) && $_SESSION['is_logged_in'] == '1') {
  15.  
  16. // Output confidential file contents to user
  17. echo shell_exec('cat ~/confidential_info/' . $filename);
  18.  
  19. } else {
  20.  
  21. // Check login credentials
  22. $query =
  23. "SELECT * FROM users WHERE ".
  24. "username = '" . $username . "' AND ".
  25. "password = '" . $password . "';"; //Commented by: Amandeep Singh : SEMI - COLON WAS MISSING.
  26.  
  27. $result = mysql_query($query);
  28.  
  29. if (mysql_num_rows($result) > 0) {
  30.  
  31. // Login information matched credentials!
  32. $_SESSION['is_logged_in'] = '1';
  33.  
  34. // Output confidential file contents to user
  35. echo shell_exec('cat ~/confidential_info/' . $filename);
  36.  
  37. } else {
  38.  
  39. // Login information did not match!
  40. die('You do not have access.');
  41.  
  42. }
  43. }