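<?php
// Login handler: validates the posted username/password, looks the account up
// through $db (created elsewhere, not in this file) and either defines ERRORS
// with the collected messages or includes session.php on success.
session_start();

// NOTE(review): display_errors "on" writes PHP diagnostics into the HTTP
// response. On a login endpoint that can expose paths and query text; in
// production, log errors instead of displaying them.
error_reporting(E_STRICT);
ini_set("display_errors", "on");

// Initialise the error list BEFORE validation. The original reset it after the
// input checks, which silently discarded every validation failure.
$errors = array();

// Missing or non-string fields are treated as empty strings so that the checks
// below always operate on a string.
$username = (isset($_POST['username']) && is_string($_POST['username'])) ? $_POST['username'] : '';
$password = (isset($_POST['password']) && is_string($_POST['password'])) ? $_POST['password'] : '';

// Character blacklist. This is defence in depth only: the control that actually
// protects the query is the escaping below (and, preferably, prepared
// statements in the database layer).
$suspicious = '%[*()/\\#=+-]%';

if (preg_match($suspicious, $username)) {
    $errors[] = "nice try hacker :)";
}
// The original tested $username a second time here, so the password was never
// checked at all.
// NOTE(review): this now rejects passwords containing the listed characters.
// Once passwords are hashed and verified in PHP (see below) the value no longer
// reaches SQL and this filter on the password should be dropped.
if (preg_match($suspicious, $password)) {
    $errors[] = "nice try hacker :)";
}

// Only touch the database when validation passed. Previously a rejected value
// skipped the escaping branch but was still interpolated into the query.
if (empty($errors)) {
    // NOTE(review): mysql_real_escape_string() belongs to the removed ext/mysql
    // and needs an open mysql_* connection; it is kept because the API of $db is
    // not visible here. Replace with the wrapper's parameter binding if it has one.
    $username = mysql_real_escape_string(stripslashes($username));
    $password = mysql_real_escape_string(stripslashes($password));

    // Check that the username exists
    $usernameGrab = "SELECT * FROM `users` WHERE `username` = '$username'";
    $usernameResult = $db->query($usernameGrab);

    // Test the result before calling size(); the original dereferenced it first.
    if (!$usernameResult) {
        $errors[] = 'Query Failed. Please contact administrator!';
    }
    elseif ($usernameResult->size() < 1) {
        // NOTE(review): separate "unknown user" / "wrong password" messages let
        // a client tell which usernames exist; consider one generic message.
        $errors[] = "That username doesn't exist";
    }
    else {
        // Bind the password to THIS username. The original matched the password
        // against every row, so any account's password was accepted for any
        // existing username.
        // NOTE(review): comparing in SQL implies the column holds plaintext
        // passwords; store password_hash() output and check with password_verify().
        $passwordGrab = "SELECT * FROM `users` WHERE `username` = '$username' AND `password` = '$password'";
        $passwordResult = $db->query($passwordGrab);

        if (!$passwordResult) {
            $errors[] = 'Query failed. Please contact admionistrator';
        }
        elseif ($passwordResult->size() < 1) {
            $errors[] = 'wrong password!';
        }
    }
}

// If there were errors > define them so they can be output
if (!empty($errors)) {
    // Constant name quoted: the bare ERRORS relied on the undefined-constant
    // fallback, which is an Error in PHP 8.
    define('ERRORS', implode('', $errors));
}
// If everything went well > grab session data
else {
    // NOTE(review): confirm session.php regenerates the session id on login
    // (session_regenerate_id(true)); this file does not.
    include('session.php');
}
?>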