Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- <?php
- ob_start();
- ?>
- <html>
- <body>
- <?php
- if(!isset($_SESSION['ID']))
- {
- echo('<form action="logintest.php" method="post">');
- echo('Username:<input type="text" name="user" /><br />');
- echo('Password:<input type="password" name="pass" /><br /><input type="Submit" value="Login" /></form><br />');
- }
- ?>
- <?php
- $user1=$_POST["user"];
- $pass1=$_POST["pass"];
- $user=mysql_real_escape_string($user1);
- $pass=mysql_real_escape_string($pass1);
- $con=mysql_connect("localhost","root");
- if(!$con)
- {
- die('Could not Connect:'.mysql_error());
- }
- mysql_select_db("cms", $con);
- $result = mysql_query("SELECT Password FROM login WHERE Username = '$user'") or die('No such user');
- $row=mysql_fetch_assoc($result);
- $passtest=$row["Password"];
- if($row==false)
- {
- echo("Wrong password<br />");
- }
- else if($row==true)
- {
- if($pass!=$passtest)
- {
- echo("Wrong password and/or username");
- }
- else if($pass==$passtest)
- {
- $login=true;
- echo("Logged In successfully");
- $query = mysql_query("SELECT * from login WHERE Username = '$user'") or die(mysql_error);
- $row = mysql_fetch_assoc($query);
- $status = $row["Status"];
- if($status==1)
- {
- echo("<br />You are admin");
- header("Location:admin.php");
- $_SESSION['ID']=1;
- }
- else
- {
- echo("<br />You are not admin.");
- echo("<a href='noruser.php'>Proceed</a>");
- $_SESSION['ID']=0;
- header("Location:admin.php");
- }
- }
- else
- {
- echo("Wrong password");
- }
- }
- mysql_close($con);
- x
- ?>
- </body>
- </html>
- Warning: mysql_real_escape_string() [function.mysql-real-escape-string]: A link to the server could not be established in D:\xampp\htdocs\logintest.php on line 19
- Wrong password
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
