Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- <?php
- session_start (); //this will start a session to allow for members area if AUTH contained lower in the script is correct session will continue to the secured pages, session will remember this correct input until session if destroyed via log out button
- $username = htmlentities($_POST ['username']); //will pull results from database using html entities will help protect against code injection ensure that $username is reflected in later instances
- $password =htmlentities($_POST ['password']);
- include '../includes/cconfig.php'; //using connection config file
- $dbconn = mysqli_connect
- ("$server", "$server_un", "$server_pw", "$schema");
- if (mysqli_connect_errno())
- {
- echo "Failed to connect to MYSQLI:" .
- mysqli_connect_error();
- }
- else
- {
- echo "Successfully connected to <br>" . $schema;
- }
- //query
- $sql = "SELECT `pw` from `$schema`.`$tbl_user` WHERE `email`='$email'";
- $result = mysqli_query ($dbconn, $sql)
- or die (mysqli_error($dbconn)); // this will display the error
- if($result)
- {
- print"correct<br>";
- }
- else
- {
- print"we could not connect because".mysqli_error()."<br>";
- }
- $numrows = mysqli_num_rows($result);
- echo $numrows."<br>";
- if ($numrows==0) // no recordsfound
- {
- echo "this record has not been found\n";
- } else {
- print "Row count is " . $numrows . "<br>";
- }
- $result = mysqli_query ($dbconn, $sql); // defining result this says you are using the sql and dbh commands
- while ($row = mysqli_fetch_array($result)) // pulling results from database
- {
- //print " in loop <br>";
- //print " Pass is " . $row['Pass'] . " <br \>";
- if(strcmp($password, $row['pw'])===0) //this is comparing the pasword entered to the password in the database, also allows you to compare encrypted passwords.
- {
- print "well done</br>";
- $_SESSION['AUTH']="OK";
- //Header( "HTTP/1.1 301 Moved Permanently" );
- Header( "Location:../admin/index.php" ); // if username and password correct then this will redirect to password protected page *** edit location accordingly***
- }
- else
- {
- print "no that is incorrect</br>"; // this is diplaying that you have entered the wrong password, wont diclose it is the password that is incorrect for extra security
- $_SESSION['AUTH']="U melon";
- //Header( "HTTP/1.1 301 Moved Permanently" );
- Header( "Location:../../index.php" ); // if username and password correct then this will redirect to password protected page
- }
- }
- echo "log off now!\n";
- mysqli_close($dbconn);
- echo "an your off!\n";
- ?>
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement