Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- <?php
- include "config.php";
- if(isset($_POST['username']) && isset($_POST['password']))
- {
- $username = $_POST ['username'];
- $password = md5($_POST['password']);
- $stmt = $db -> prepare("SELECT * FROM users WHERE username=? AND password=?");
- $stmt -> bindParam(1, $username);
- $stmt -> bindParam(2, $password);
- $stmt ->execute();
- $stmt2 = $db -> prepare ("SELECT * FROM sa_users WHERE username=? AND password=?");
- $stmt2 -> bindParam(1, $username);
- $stmt2 -> bindParam(2, $password);
- $stmt2 ->execute();
- $row = $stmt->fetch();
- $row2 = $stmt2->fetch();
- $user = $row['username'];
- $pass = $row['password'];
- $id = $row['user_id'];
- $id2 = $row2['sa_id'];
- $type = $row['type'];
- $type2 = $row2['type'];
- $user_status = $row['user_status'];
- if ($user_status == 'Disable')
- {
- ?>
- <div class="alert">
- <span class="closebtn" onclick="this.parentElement.style.display='none';">×</span>
- <strong>Error!</strong> Your account has been disabled!
- </div>
- <?php
- } else {
- if($username==$user && $pass==$password && $type2 == 'Super_Admin')
- {
- session_start();
- $_SESSION['username'] = $user;
- $_SESSION['password'] = $pass;
- $_SESSION['sa_id'] = $id2;
- $_SESSION['type'] = $type2;
- ?>
- <script>window.location.href='index.php'</script>
- <?php
- } else {
- if ($username==$user && $pass==$password && $type=='Admin')
- {
- session_start();
- $_SESSION['username'] = $user;
- $_SESSION['password'] = $pass;
- $_SESSION['user_id'] = $id;
- $_SESSION['type'] = $type;
- ?>
- <script>window.location.href='index.php'</script>
- <?php
- } else {
- if ($username!=$user && $pass!=$password)
- {
- ?>
- <div class="alert">
- <span class="closebtn" onclick="this.parentElement.style.display='none';">×</span>
- <strong>Error!</strong> Wrong Password/Username.
- </div>
- <?php
- }
- }
- }
- }
- }
- ?>
- <!--end of php -->
Add Comment
Please, Sign In to add comment