Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- <?php
- session_start();
- //variable to store error message
- $error='';
- if ( isset( $_POST[ 'submit' ] ) )
- {
- if (empty( $_POST[ 'username' ] ) || empty( $_POST[ 'password' ]))
- {
- $error = "Please input a username or password.";
- } else {
- // Define $username and $password
- $username = $_POST[ 'username' ];
- $password = $_POST[ 'password' ];
- // To protect MySQL injection for Security purpose
- $username = stripslashes( $username );
- $password = stripslashes( $password );
- $username = mysql_escape_string( $username );
- $password = mysql_escape_string( $password );
- //$password = md5($password);
- //Establishing Connection with Server by passing server_name, user_id and password as a parameter
- $connection = mysql_connect( "localhost", "ct5006mu_cms", "admin432" );
- //Selecting Database
- $db = mysql_select_db( "ct5006mu_portfolio", $connection );
- //SQL query to fetch information of registerd users and finds user match.
- $query = mysql_query( "SELECT * FROM users WHERE password='$password' AND username='$username'", $connection );
- //perform query
- $rows = mysql_num_rows( $query );
- if ( $rows == 1 ) {
- //Initializing Session
- $_SESSION[ 'login_user' ] = $username;
- //Redirecting to other page
- header( "location: profile.php" );
- } else {
- $error = "Username or Password is invalid";
- }
- //Closing Connection
- mysql_close( $connection );
- }
- }
- ?>
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement