Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- <?php
- session_start();
- /*##############################################
- # Shadowcms #
- # © 2011 #
- # Devbest #
- # #
- ##############################################
- */
- //Database Info
- $dbhost = "localhost"; // Default is localhost
- $dbname = "shadowcms"; //Database
- $dbuser = "root"; // Default is root
- $dbpass = "pass"; //phpmyadmin password
- $dbtable = "users"; //Database table
- // Connecting to database yay!
- mysql_connect($dbhost, $dbuser, $dbpass) or die ("Could not connect: ". mysql_error());
- mysql_select_db($dbname) or die (mysql_error());
- if (isset($_POST['username']) && isset($_POST['password']))
- {
- $username = $_POST['username']; $password = $_POST['password'];
- echo 'They are being passed<br />';
- }
- else
- {
- echo 'The post variables are not being passed';
- }
- echo '$_POST[\'password\'] = '.$_POST['password'].' and $_POST[\'username\'] = '.$_POST['username'];
- // Protect our login page from SQL injections
- $username = stripslashes($username);
- $password = stripslashes($password);
- $username = mysql_real_escape_string($username);
- $password = mysql_real_escape_string($password);
- $sql = "SELECT * FROM $table WHERE username = `".$username."` AND password = `".$password."`";
- $result = mysql_query($sql);
- if(!$result)
- {
- die ('Invalid query: '. mysql_error());
- }
- $count = mysql_num_rows($result);
- if($count == 1) {
- session_register("username");
- session_register("password");
- header("Location: me.php");
- }
- else
- {
- echo "Wrong username or password";
- }
- ?>
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
