
work

a guest
Feb 29th, 2016
  1. <?php
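  // Login handler: looks the posted username up in the user table's `email`
  // column, checks the posted password against the stored `pw` value, marks
  // the session as authenticated on success, and redirects either way.
  //
  // Nothing is echoed before the redirects: header() cannot send a Location
  // header once output has started (unless output buffering is on), and
  // connection details, schema names and SQL errors belong in the server log,
  // not in the response.
  session_start();

  // Raw form input. htmlentities() is an HTML *output* encoder and does not make
  // a value safe for SQL, so the username is passed to the database as a bound
  // parameter instead. Non-string input (e.g. username[]=x) is treated as empty.
  $username = (isset($_POST['username']) && is_string($_POST['username'])) ? $_POST['username'] : '';
  $password = (isset($_POST['password']) && is_string($_POST['password'])) ? $_POST['password'] : '';

  include '../includes/cconfig.php'; // supplies $server, $server_un, $server_pw, $schema, $tbl_user

  // Make mysqli report failures through return values on every PHP version, so
  // the checks below are what decides how a failure is handled.
  mysqli_report(MYSQLI_REPORT_OFF);

  $dbconn = mysqli_connect($server, $server_un, $server_pw, $schema);
  if (!$dbconn) {
      // Stop here: continuing with a failed connection only produces follow-on
      // errors. Detail goes to the log, the client gets a generic message.
      error_log('Login: database connection failed: ' . mysqli_connect_error());
      http_response_code(500);
      exit('Login is temporarily unavailable.');
  }

  // The original query filtered on $email, which this script never assigns; the
  // posted username is what is being looked up, so it is bound here.
  // $schema and $tbl_user are identifiers and cannot be bound; they come from the
  // config include and must never be derived from request data.
  $sql = "SELECT `pw` FROM `$schema`.`$tbl_user` WHERE `email` = ?";

  $storedPw = null;
  $stmt = mysqli_prepare($dbconn, $sql);
  if (!$stmt
      || !mysqli_stmt_bind_param($stmt, 's', $username)
      || !mysqli_stmt_execute($stmt)
      || !mysqli_stmt_bind_result($stmt, $storedPw)) {
      error_log('Login: credential lookup failed: ' . mysqli_error($dbconn));
      mysqli_close($dbconn);
      http_response_code(500);
      exit('Login is temporarily unavailable.');
  }

  $authenticated = false;
  while (mysqli_stmt_fetch($stmt)) {
      $stored = (string) $storedPw;

      // An empty submitted or stored password never authenticates.
      if ($password === '' || $stored === '') {
          continue;
      }

      $info = password_get_info($stored);
      if ($info['algo']) {
          // Stored value is password_hash() output.
          $matches = password_verify($password, $stored);
      } else {
          // NOTE(review): legacy row holding the password itself. Compared in
          // constant time, with htmlentities() applied because the original
          // script compared the encoded form. Migrate these rows to
          // password_hash() and then delete this branch.
          $matches = hash_equals($stored, htmlentities($password));
      }

      if ($matches) {
          $authenticated = true;
          break;
      }
  }

  mysqli_stmt_close($stmt);
  mysqli_close($dbconn);

  if ($authenticated) {
      // Issue a fresh session id at the privilege change so an id that was set
      // before login cannot be reused afterwards (session fixation).
      session_regenerate_id(true);
      $_SESSION['AUTH'] = "OK";
      header("Location:../admin/index.php"); // *** edit location accordingly ***
      exit; // do not run anything further after the redirect
  }

  // Unknown user and wrong password take the same path, so the response does not
  // reveal which accounts exist. The flag is removed rather than set to some
  // other value, so a page that only tests isset($_SESSION['AUTH']) is not
  // satisfied by a failed login.
  // NOTE(review): no attempt throttling or lockout is visible in this script.
  unset($_SESSION['AUTH']);
  header("Location:../../index.php");
  exit;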
  73. ?>