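<?php

declare(strict_types=1);

// Login handler: checks the posted username/password against the login table
// and, on success, marks the session as authenticated and redirects to
// admin.php. Every failure path ends with the same "Invalid login." response
// so the reply does not reveal whether the username exists.

session_start();

// Connection settings come from mysql.php.
// NOTE(review): assumes it defines $host, $username, $password, $database and
// $login_table -- confirm against that file.
require 'mysql.php';

// Keep the submitted credentials in their own variables. Assigning them to
// $username / $password would overwrite the database credentials loaded above,
// and the script would then connect to MySQL as whoever filled in the form.
$formUser = $_POST['username'] ?? '';
$formPass = $_POST['password'] ?? '';
if (!is_string($formUser) || !is_string($formPass) || $formUser === '' || $formPass === '') {
    die("Invalid login.");
}

// A table name cannot be sent as a bound parameter, so it is interpolated
// into the SQL text. Accept only a plain identifier so that a bad config
// value cannot change the shape of the query.
$table = $login_table ?? null;
if (!is_string($table) || preg_match('/^[A-Za-z0-9_]+$/', $table) !== 1) {
    error_log('login: $login_table is missing or not a plain identifier');
    http_response_code(500);
    die('Login is temporarily unavailable.');
}

// Make mysqli throw on failure. `new mysqli()` never returns false, so the
// old `if (!$db)` test could not detect a failed connection.
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);

$storedHash = null;
$found = false;

try {
    $db = new mysqli($host, $username, $password, $database);

    // Look the account up by username only and compare the password in PHP.
    // A successful execute() only means the statement ran, not that a row
    // matched, so it must never be used as the authentication decision.
    $login = $db->prepare("SELECT `password` FROM `{$table}` WHERE `username` = ? LIMIT 1");
    $login->bind_param('s', $formUser);
    $login->execute();
    $login->bind_result($storedHash);
    $found = $login->fetch() === true;
    $login->close();
    $db->close();
} catch (mysqli_sql_exception $e) {
    // Driver messages can expose host names and account names; keep them in
    // the server log and give the client a generic answer.
    error_log('login: database error: ' . $e->getMessage());
    http_response_code(500);
    die('Login is temporarily unavailable.');
}

// NOTE(review): assumes the `password` column holds password_hash() output.
// The previous SHA-256 of username/password concatenations is a fast hash
// whose "salt" is derived from the secret itself; rows created that way need
// to be re-hashed with password_hash() before this check can succeed.
if ($found && is_string($storedHash) && password_verify($formPass, $storedHash)) {
    // Issue a fresh session id at the privilege change so an id planted
    // before login (session fixation) does not become an authenticated one.
    session_regenerate_id(true);

    $_SESSION["valid_user"] = $formUser;
    $_SESSION["valid_time"] = time();
    // NOTE(review): $_SESSION["valid_pw"] is deliberately no longer set. The
    // plaintext password should not be kept in session storage; if admin.php
    // reads that key it should rely on valid_user / valid_time instead.

    header("Location: admin.php");
    // Stop here so nothing further runs or is sent after the redirect.
    exit;
}

die("Invalid login.");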