Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- // Retrieve username and password from database according to user's input, preventing sql injection
- $query ="SELECT * FROM affiliateuser WHERE (username = '" . mysqli_real_escape_string($con,$_POST['username']) . "') AND (password = '" . mysqli_real_escape_string($con,$_POST['password']) . "') AND (active = '" . mysqli_real_escape_string($con,"1") . "') AND (level = '" . mysqli_real_escape_string($con,"1") . "')";
- if ($stmt = mysqli_prepare($con, $query)) {
- /* execute query */
- mysqli_stmt_execute($stmt);
- /* store result */
- mysqli_stmt_store_result($stmt);
- $num=mysqli_stmt_num_rows($stmt);
- /* close statement */
- mysqli_stmt_close($stmt);
- }
- //mysqli_close($con);
- // Check username and password match
- if (($num) == 1) {
- $sqlquery11="SELECT expiry FROM affiliateuser where username = '$username'"; //fetching expiry date of username from table
- $rec211=mysqli_query($con,$sqlquery11);
- $row211 = mysqli_fetch_row($rec211);
- $expirydate=$row211[0]; //assigning expiry date
- $curdate=date("Y-m-d");
- if($curdate > $expirydate)
- {
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement