SHOW:
|
|
- or go back to the newest paste.
| 1 | <?php | |
| 2 | $username = $_REQUEST["txt_username"]; | |
| 3 | $password = $_REQUEST["txt_password"]; | |
| 4 | ||
| 5 | $host = "127.0.0.1"; | |
| 6 | $user = "root"; | |
| 7 | $pass = "12157114"; | |
| 8 | ||
| 9 | try {
| |
| 10 | $dbh = new PDO("mysql:host=$host;dbname=logansarchive", $user, $pass);
| |
| 11 | } | |
| 12 | catch(PDOException $e) {
| |
| 13 | echo $e->getMessage(); | |
| 14 | } | |
| 15 | ||
| 16 | $hashed_pass = substr(sha1($password), 0, 10); | |
| 17 | ||
| 18 | - | $sql = "select * from admin where adminname = '".$username."' and password = '".$hashed_pass."'"; |
| 18 | + | $sql = "select * from admin where adminname = :name and password = :pass"; |
| 19 | //echo $sql."<br />Count: "; | |
| 20 | $result = $dbh->prepare($sql); | |
| 21 | ||
| 22 | $result->bindParam(":name", $username);
| |
| 23 | $result->bindParam(":pass", $hashed_pass);
| |
| 24 | ||
| 25 | $result->execute(); | |
| 26 | $count = $result->fetchAll(); | |
| 27 | ||
| 28 | //$link = mysql_connect($host, $user, $pass); | |
| 29 | //mysql_select_db("logansarchive", $link);
| |
| 30 | //$result = mysql_query("select * from admin where adminname = '".$username."' and password = '".$hashed_pass."'", $link);
| |
| 31 | //$numrows = mysql_num_rows($result); | |
| 32 | ||
| 33 | //$link = null; | |
| 34 | //$result = null; | |
| 35 | ||
| 36 | if ($count == 1) {
| |
| 37 | foreach ($dbh->query($sql) as $row) {
| |
| 38 | $_SESSION["adminid"] = $row["adminid"]; | |
| 39 | $_SESSION["adminname"] = $row["adminname"]; | |
| 40 | $_SESSION["lastlogin"] = $row["lastlogin"]; | |
| 41 | } | |
| 42 | header("Location: /logansarchive/admin/index.php");
| |
| 43 | } | |
| 44 | else {
| |
| 45 | header("Location: /logansarchive/admin/login.php?login_attempt=1");
| |
| 46 | } | |
| 47 | ?> | |
| 48 | ||
| 49 |
