<?phperror_reporting(0);include '../inc/database.php';session_start();

1. <?php
2. error_reporting(0);
3.  
4. include '../inc/database.php';
5.  
6. session_start();
7.  
8. $username = mysqli_real_escape_string($con, htmlspecialchars($_POST['username']));
9. $password = mysqli_real_escape_string($con, htmlspecialchars(md5($_POST['password'])));
10.  
11. $result = mysqli_query($con, "SELECT * FROM `users` WHERE `username` = '$username' AND `password` = '$password'") or die(mysqli_error($con));
12. $row = mysqli_fetch_array($result);
13.  
14. $id = $row['id'];
15.  
16. $select_user = mysqli_query($con, "SELECT * FROM `users` WHERE `id` = '$id'") or die(mysqli_error($con));
17. $row2 = mysqli_fetch_array($select_user);
18.  
19. $user = $row2['username'];
20.  
21. if($username != $user){
22. die();
23.  
24. }
25. $pass_check = mysqli_query($con, "SELECT * FROM `users` WHERE `username` = '$username' AND `id` = '$id'") or die(mysqli_error($con));
26. $row3 = mysqli_fetch_array($pass_check);
27.  
28. $email = $row3['email'];
29.  
30. $select_pass = mysqli_query($con, "SELECT * FROM `users` WHERE `username` = '$username' AND `id` = '$id' AND `email` = '$email'") or die(mysqli_error($con));
31. $row4 = mysqli_fetch_array($select_pass);
32.  
33. $real_password = $row4['password'];
34.  
35. if($password != $real_password){
36. die("Falsches Passwort!");
37. }
38.  
39. $email = $row['email'];
40. $rank = $row['rank'];
41.  
42. $_SESSION['id'] = $id;
43. $_SESSION['username'] = $username;
44. $_SESSION['password'] = $password;
45. $_SESSION['email'] = $email;
46. $_SESSION['rank'] = $rank;
47.  
48. header("Location: ../index.php");
49.  
50. ?>