Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- <?php
- include "clean.input.php";
- include "db.php";
- // begin session
- session_start();
- // variables
- $upmsg = "";
- $msg = "";
- // validations
- if ($_SERVER['REQUEST_METHOD'] == 'POST')
- {
- if(empty($_POST['username']) || empty($_POST['password']))
- {
- $upmsg = '<div class="alert alert-warning fade in"><button type="button" class="close" data-dismiss="alert" aria-hidden="true">×</button>Please fill all fields.</div>';
- }
- if($umsg == "" && $pmsg == "" && $upmsg == "" && $msg == "") {
- // user login details handle
- $username = $_POST["username"];
- $password = $_POST["password"];
- // cleaning input
- $username = cleanInput($username);
- $password = cleanInput($password);
- // escapes special characters in a string for use in an SQL statement
- $username = mysqli_real_escape_string($dbeam_con,$_POST['username']);
- $mypassword = mysqli_real_escape_string($dbeam_con,$_POST['password']);
- // username, email & password combination
- $query = "SELECT `id` FROM `users` WHERE (`username` = '$username' OR `email` = '$username'), `password` = '$password' AND `confirmed` = 'yes'";
- $result = mysqli_query($db,$query);
- $count = mysqli_num_rows($result);
- if($count == 1)
- {
- // successful login
- $_SESSION['username'] = $username;
- // update user login status
- $query = "UPDATE `users` SET `status` = 'online' WHERE `username` = '$username'";
- $result = mysqli_query($db,$query);
- // close database
- mysql_close($connection);
- //header location
- header("location: home.php");
- }
- else
- {
- $msg = '<div class="alert alert-danger fade in"><button type="button" class="close" data-dismiss="alert" aria-hidden="true">×</button>Invalid, check username or password</div>';
- }
- }
- }
- ?>
- if(!$result = mysqli_query($db,$query)) {
- echo 'query error: '. mysqli_error($db);
- }
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement