
WTF

a guest
Aug 30th, 2017
  1. - login.php
  2. <?php
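  // Login handler: validates the posted credentials against the `users` table,
  // marks the session as signed in on success, and otherwise stores an error in
  // the session and redirects back to a form page.
  session_start();

  // Stores an error for the next page to display, redirects there and stops.
  $fail = function ($message, $location) {
      $_SESSION['error'] = true;
      $_SESSION['err_type'] = $message;
      header('Location: ' . $location);
      exit;
  };

  // All three fields must be present and must be plain strings. PHP parses a
  // parameter named "password[]" into an array, which would otherwise reach the
  // comparisons and the bound query parameter below.
  foreach (array('login', 'password', 'password2') as $field) {
      if (!isset($_POST[$field]) || !is_string($_POST[$field])) {
          $fail("Please try again.", 'signin.php');
      }
  }

  // Strict comparison: with ==, numeric-looking strings such as "1e3" and
  // "1000" compare equal even though they are different passwords.
  if ($_POST['password'] !== $_POST['password2']) {
      $fail("Passwords do not match.", 'index.php');
  }

  $name = $_POST['login'];
  $pass = $_POST['password'];

  try {
      // NOTE(review): the credentials are hard-coded and the page connects as the
      // MySQL root account. Load them from configuration kept outside the web
      // root and use an account limited to the rights this page needs.
      define("DBTYPE", "mysql");
      define("DBHOST", "localhost");
      define("DBNAME", "lab12");
      define("DBUSER", "root");
      define("DBPASS", "root");

      // ERRMODE_EXCEPTION makes failed prepare/execute calls throw, so the catch
      // below covers query errors as well as connection errors. The DSN already
      // selects the database, so no separate "USE" statement is issued.
      $db = new PDO(
          DBTYPE . ':host=' . DBHOST . ';dbname=' . DBNAME,
          DBUSER,
          DBPASS,
          array(PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION)
      );

      // The login name is bound as a parameter, never concatenated into the SQL.
      $prep = $db->prepare("SELECT * FROM users WHERE login=:name");
      $prep->bindParam(':name', $name);
      $prep->execute();

      // fetch() returns false when no row matched; this replaces rowCount(),
      // which is not guaranteed to be meaningful for SELECT on every driver.
      $res = $prep->fetch(PDO::FETCH_NUM);
  } catch (PDOException $e) {
      $fail("Unsuccessful SQL transaction. Please try again later.", 'index.php');
  }

  // NOTE(review): "User not found." and "Wrong password." (and their different
  // redirect targets) tell a client which login names exist. Consider a single
  // generic message and target for both cases.
  if ($res === false) {
      $fail("User not found.", 'index.php');
  }

  // The password is read from the third column of SELECT *, as before.
  // NOTE(review): selecting the column by name would survive schema changes;
  // the column name is not visible here.
  $stored = isset($res[2]) ? (string) $res[2] : null;

  $valid = false;
  if ($stored !== null) {
      $info = password_get_info($stored);
      if ($info['algoName'] !== 'unknown') {
          // Value is a password_hash() hash: verify against it.
          $valid = password_verify($pass, $stored);
      } else {
          // Legacy row: the column appears to hold the password in plaintext.
          // hash_equals() gives a strict, constant-time comparison. Such rows
          // should be migrated to password_hash() output.
          $valid = hash_equals($stored, $pass);
      }
  }

  if (!$valid) {
      $fail("Wrong password.", 'signin.php');
  }

  // Assigning to $_COOKIE only changes the array for the current request; no
  // cookie is sent, so the login was never remembered. The state is kept in the
  // server-side session instead and the password is not stored anywhere.
  // A fresh session id is issued so an id known before login cannot be reused.
  // NOTE(review): pages that check the login state must read $_SESSION - verify
  // against the other scripts.
  session_regenerate_id(true);
  $_SESSION['name'] = $name;
  $_SESSION['signedin'] = true;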
  56. ?>