Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- <?php
- //connect to db
- require('config.php');
- mysql_connect($host, $user, $pass) or die('Bad mysql settings; fix config.php');
- mysql_select_db($db) or die('Database does not exist; fix config.php');
- //check login
- session_start();
- $in = ($_SESSION['logged_in'] == 'Yes');
- if ($_GET['action'] == 'logout') {
- $in = false;
- $admin = false;
- }
- if (!$in) {
- //check if they're trying to login
- if ($_POST) {
- $u = mysql_real_escape_string($_POST['username']);
- $p = md5($_POST['password']);
- if (!empty($u) && !empty($p)) {
- $valid_users = mysql_query("SELECT * FROM users WHERE username='$u' AND password='$p'");
- if (mysql_num_rows($valid_users) > 0) {
- //log me in
- $user_data = mysql_fetch_array($valid_users);
- $_SESSION['logged_in'] = 'Yes';
- $_SESSION['user'] = $user_data['user'];
- $_SESSION['username'] = $user_data['username'];
- $_SESSION['admin'] = $user_data['admin'];
- $in = true;
- }
- }
- }
- }
- if($_SESSION['admin'] == 1) {
- $admin = true; }
- //change pw clicked
- //if($_GET['action'] == "changepw") {
- // $changepw = true; }
- //changing pw?
- if($_POST) {
- $changepw = mysql_real_escape_string($_POST['changepw']);
- $changepw2 = mysql_real_escape_string($_POST['changepw2']); }
- //do the pws match / change
- if (!empty($changepw) && !empty($changepw2)) {
Add Comment
Please, Sign In to add comment