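<?php
// Login form handler: looks up the posted username in `accounts`, checks the
// posted password against the stored hash and, on success, fills the session
// and redirects to login_success.php. On any credential mismatch it prints
// "wrong password".
//
// NOTE(review): this script still uses the legacy mysql_* extension, which is
// removed in PHP 7. It is kept here because sql_sanitize() (function.php) and
// the stored password hashes may depend on its escaping; migrate to mysqli/PDO
// prepared statements together with function.php.
include('function.php');

// Database settings are read from the environment instead of being embedded in
// the source. A password that has been committed to a file or pasted publicly
// must be treated as compromised and rotated. The variable names below are
// chosen for this script; adjust them to the deployment.
$host = getenv('LOGIN_DB_HOST'); // Host name
$username = getenv('LOGIN_DB_USER'); // username
$password = getenv('LOGIN_DB_PASSWORD'); // password
$db_name = getenv('LOGIN_DB_NAME'); // Database name
$tbl_name = "accounts"; // Table name

// Log the detail server-side and show the client a generic message only;
// echoing mysql_error() to the browser discloses schema and query details.
$fail = function ($logMessage) {
    error_log('login: ' . $logMessage);
    header('HTTP/1.1 500 Internal Server Error');
    exit('Login is temporarily unavailable.');
};

// Hex digests must never be compared with ==: two different "0e..." digests
// compare equal as numbers. hash_equals() is also constant-time; the ===
// fallback (PHP < 5.6) fixes the type juggling but not the timing.
$sameHash = function ($known, $candidate) {
    if (function_exists('hash_equals')) {
        return hash_equals($known, $candidate);
    }
    return $known === $candidate;
};

if ($host === false || $username === false || $password === false || $db_name === false) {
    $fail('database settings are not configured');
}

// Replace database connect functions depending on database you are using.
if (!mysql_connect($host, $username, $password) || !mysql_select_db($db_name)) {
    $fail('database connection failed: ' . mysql_error());
}

// username and password sent from form
$rawUser = isset($_POST['username']) ? $_POST['username'] : '';
$rawPass = isset($_POST['password']) ? $_POST['password'] : '';
if (!is_string($rawUser) || !is_string($rawPass)) {
    // Array-valued fields (username[]=...) are not valid credentials.
    echo "wrong password";
    exit;
}

//NEVER Remove the mysql_real_escape_string. Else there could be an Sql-Injection!
$u = mysql_real_escape_string($rawUser);
// The password is escaped before hashing exactly as before, so that digests
// stored by the existing registration code keep matching.
// NOTE(review): presumably registration hashes the escaped form too - confirm.
$p = mysql_real_escape_string($rawPass);

$s = mysql_query("SELECT * FROM `accounts` WHERE `name`='" . sql_sanitize($u) . "'");
if ($s === false) {
    $fail('account lookup failed: ' . mysql_error());
}
$i = mysql_fetch_array($s);

// An unknown user yields no row; answer exactly like a bad password so the
// response does not reveal which account names exist.
$authenticated = false;
if (is_array($i)) {
    $stored = (string) $i['password'];
    // NOTE(review): the second branch accepts legacy unsalted SHA-1 digests,
    // and the first is a single fast SHA-512 round. Both are weak password
    // storage; plan a migration to password_hash()/password_verify() with a
    // rehash on successful login.
    $authenticated = $sameHash($stored, hash('sha512', $p . $i['salt']))
        || $sameHash($stored, sha1($p));
}

if ($authenticated) {
    // The row fetched above is already the verified account, so it is used
    // directly instead of being re-selected by name and password hash.
    if (session_id() === '') {
        session_start();
    }
    // New session id on privilege change, so a pre-login id cannot be reused.
    session_regenerate_id(true);
    // Drop any admin flag left over from an earlier login in this session.
    unset($_SESSION['admin']);
    $_SESSION['id'] = $i['id'];
    $_SESSION['name'] = $i['name'];
    if ((string) $i['webadmin'] === "1") {
        $_SESSION['admin'] = $i['webadmin'];
    }
    header("Location: login_success.php");
    // Stop here: header() alone does not end the script.
    exit;
} else {
    echo "wrong password";
}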