Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- <?php
- session_start();
- include"config.php";
- //if there trying to login
- if(isset($_GET['login'])) {
- //removes sql injections from the data
- $username= htmlspecialchars(addslashes($_POST[username]));
- //encrypts the password
- $password = sha1(md5(md5(sha1(md5(sha1(sha1(md5($_POST[password]))))))));
- //gets the username data from the members database
- $uinfo = mysql_query("SELECT * FROM `members` WHERE `username` = '$username'") or die(mysql_error());
- //see if the user exists
- $checkuser = mysql_num_rows($uinfo);
- //if user name not found in database error
- if($checkuser == '0')
- {
- echo "Sorry, that username doesnt exist.";
- }else{
- //fetch the sql
- $udata = mysql_fetch_array($uinfo);
- //checks see if the account is verified
- if($udata[userlevel] == 1) {
- echo "Please verify your account.";
- }
- //if it is continue
- else
- //if the db password and the logged in password are the same login
- if($udata[password] == $password) {
- $query = mysql_query("SELECT * FROM `members` WHERE `username` = '$username'") or die(mysql_error());
- //fetchs the sql
- $user = mysql_fetch_array($query);
- //sets the logged session
- $_SESSION['id'] = "$user[id]";
- $_SESSION['password'] = "$user[password]";
- if($user[userlevel] == 0){
- echo"The account you are trying to access has been banned.";
- }else{
- echo "<center><img src='images/loading.gif'></center>"; //If you change the 0 below, maybe keep the loading image?
- //redirects them
- echo "<meta http-equiv='Refresh' content='0'/>"; //change the 0 to how long you want it to wait
- }
- }
- //wrong password
- else{
- echo "Unvalid username and password combination.";
- }
- }
- }else{
- //If not the above show the login form
- echo "Login form goes here";
- }
- ?>
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement