Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- <?php
- ob_start();
- ?>
- <html>
- <body>
- <?php
- require_once("config.php");
- if(!isset($_SESSION['ID'])){
- echo('<form action="logintest.php" method="post">');
- echo('Username:<input type="text" name="user" /><br />');
- echo('Password:<input type="password" name="pass" /><br />');
- echo('<input type="Submit" value="Login" /></form><br />');
- }
- $user = mysql_real_escape_string($_POST["user"]); // Just the simplest of *many* filters.
- $pass = $_POST["pass"]; // Make DataBase correspond, means you don't need any filtering, either.
- $result = mysql_query("SELECT Password FROM login WHERE Username = '$user'") or die('No such user');
- $row = mysql_fetch_assoc($result);
- var_dump($row);
- $passtest = $row["Password"];
- if($pass==$passtest){
- $query = mysql_query("SELECT * FROM login WHERE Username = '$user'") or die(mysql_error);
- $row = mysql_fetch_assoc($query);
- $status = $row["Status"];
- var_dump($row);
- if(isset($status) && $status==5){
- $_SESSION['ID']=1;
- header("Location:admin.php");
- }else if(isset($status) && $status==0){
- $_SESSION['ID']=0;
- header("Location:shits.php");
- }
- }
- else
- {
- echo("Wrong Password/Username <br />");
- }
- mysql_close($con); // This should go in a config, too.
- ob_flush();
- ?>
- </body>
- </html>
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement