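// Login handler: runs when the login form was posted. It verifies the
// anti-CSRF token, looks the account up, checks the bans table, then fills
// the session and redirects.
if (isset($_POST['submit'])) {
    // Every field must be a plain string. A request can send "token[]=x" and
    // turn the field into an array, and a loose "==" treats numeric-looking
    // strings such as "0e12" and "0e34" as equal. hash_equals() (PHP >= 5.6)
    // compares the exact bytes in constant time.
    $token_ok = isset($_SESSION['token'], $_POST['token'])
        && is_string($_SESSION['token'])
        && is_string($_POST['token'])
        && hash_equals($_SESSION['token'], $_POST['token']);

    if ($token_ok) {
        $row = false;

        if (isset($_POST['username'], $_POST['password'])
            && is_string($_POST['username'])
            && is_string($_POST['password'])) {
            // NOTE(review): ext/mysql is deprecated since PHP 5.5 and removed in
            // PHP 7. Escaping is only reliable when the connection charset was
            // set with mysql_set_charset(); a prepared statement (mysqli or PDO)
            // should replace this once a connection handle is available here.
            $_POST['username'] = mysql_real_escape_string($_POST['username']);

            // NOTE(review): salted SHA-1 is cheap to brute-force if the users
            // table leaks. Moving to password_hash()/password_verify() needs a
            // migration of the stored hashes, so it is only flagged here.
            // $salt1 and $salt2 are defined outside this block.
            $_POST['password'] = sha1($salt1 . $_POST['password'] . $salt2);

            $user_query = "SELECT id, userlevel FROM users WHERE username = '" . $_POST['username'] . "' AND password = '" . $_POST['password'] . "'";
            $user_result = mysql_query($user_query);

            // A failed query is treated like "no such user" instead of passing
            // false on to mysql_num_rows().
            if ($user_result !== false && mysql_num_rows($user_result) > 0) {
                $row = mysql_fetch_assoc($user_result);
            }
        }

        if ($row === false) {
            // One message for both an unknown user and a wrong password, so
            // the form does not reveal which usernames exist.
            $error = 'Fel användarnamn eller lösenord';
        } else {
            // AND binds tighter than OR in SQL: without the parentheses the
            // condition reads "(user_id = X AND time > current_date) OR time
            // IS NULL", so a single ban row with a NULL time would match every
            // account that logs in. The id is cast to int because escaping
            // does nothing for a value that is not inside quotes.
            $banned_query = "SELECT * FROM bans WHERE user_id = " . (int) $row['id'] . " AND (time > current_date OR time IS NULL)";
            $banned_result = mysql_query($banned_query);

            // Issue a new session id on the privilege change and delete the
            // old session data, so a pre-login id cannot be reused.
            session_regenerate_id(true);

            // NOTE(review): if the bans query itself fails, the user is treated
            // as not banned (fail-open). Decide whether login should be refused
            // in that case.
            if (mysql_num_rows($banned_result) == 0) {
                $_SESSION['logged_in'] = TRUE;
                $_SESSION['user_id'] = $row['id'];
                $_SESSION['userlevel'] = $row['userlevel'];
                header("Location: index.php");
                exit;
            } else {
                $ban_row = mysql_fetch_assoc($banned_result);
                $_SESSION['banned'] = TRUE;
                $_SESSION['user_id'] = $ban_row['user_id'];
                header("Location: banned.php");
                exit;
            }
        }
    }
}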
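// Logout: triggered by a "logout" parameter in the query string.
// NOTE(review): a GET-triggered logout can be fired by any third-party page
// (an image tag is enough). Consider requiring a POST with the session token.
if (isset($_GET['logout'])) {
    // Clear the variables while the session is still active; session_unset()
    // called after session_destroy() no longer has a session to act on.
    $_SESSION = array();

    // Expire the session cookie as well, so the browser does not keep
    // presenting the old session id.
    if (ini_get('session.use_cookies')) {
        $params = session_get_cookie_params();
        setcookie(
            session_name(),
            '',
            time() - 42000,
            $params['path'],
            $params['domain'],
            $params['secure'],
            $params['httponly']
        );
    }

    session_destroy();
    header("Location: index.php");
    exit;
}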
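// Issue a fresh anti-CSRF token and keep it in the session so the next form
// post can be checked against it. rand() and uniqid() are derived from the
// clock and a small seed, so their output can be predicted; the token comes
// from the CSPRNG instead. 16 random bytes give the same 32 hex characters
// the md5() form produced.
if (function_exists('random_bytes')) {
    $token = bin2hex(random_bytes(16));
} else {
    // PHP 5 fallback; requires the openssl extension.
    $token = bin2hex(openssl_random_pseudo_bytes(16));
}
$_SESSION['token'] = $token;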