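/**
 * Handle a login attempt submitted through the login form.
 *
 * Flow:
 *  - a visitor who already has a session username is redirected to ../me.php;
 *  - the credential check runs only when the query string carries login=ok;
 *  - on success the session is populated and the visitor is redirected,
 *    otherwise an error box is echoed.
 *
 * Reads $_GET['login'], $_POST['username'], $_POST['password'] and $_SESSION.
 * Uses $this->conn (PDO) and $this->Filtro(), both defined outside this block.
 *
 * @return void Does not return after a redirect (calls exit).
 */
public function controllo_login() {
    // empty() avoids an "undefined index" notice when no session user is set yet.
    if (!empty($_SESSION['username'])) {
        header("Location: ../me.php");
        exit;
    }
    if (!isset($_GET['login'])) {
        $_GET['login'] = 'no';
    }
    if ($_GET['login'] !== "ok") {
        return;
    }

    // Always defined, so the final echo never reads an unset variable.
    $err = '';

    // Request fields are untrusted: they can be missing or arrays (username[]=x).
    // Anything that is not a string is treated as an empty value.
    $raw_username = (isset($_POST['username']) && is_string($_POST['username'])) ? $_POST['username'] : '';
    $raw_password = (isset($_POST['password']) && is_string($_POST['password'])) ? $_POST['password'] : '';

    /* Filter the submitted values and hash the password. */
    $username = $this->Filtro($raw_username);
    // NOTE(review): Filtro() is not shown here. If it rewrites characters it also
    // changes the effective password, so it must match what registration does.
    // NOTE(review): unsalted SHA-1 is a fast hash and unsuitable for password
    // storage. Migrating to password_hash()/password_verify() needs a matching
    // change wherever the stored hashes are written, so it is only flagged here.
    $password = sha1((string) $this->Filtro($raw_password));

    if ($username !== null) {
        /* Run the lookups (parameterised, so the username is never spliced into SQL). */
        $query = $this->conn->prepare("SELECT * FROM users WHERE username = :nomeutente");
        $query->execute(array('nomeutente' => $username));
        // Decide on the fetched row instead of rowCount(): PDO does not guarantee
        // rowCount() for SELECT statements on every driver.
        $fields_usr = $query->fetch(PDO::FETCH_ASSOC);

        $query2 = $this->conn->prepare("SELECT * FROM bans WHERE value = :nomeutente");
        $query2->execute(array('nomeutente' => $username));
        $is_banned = $query2->fetch(PDO::FETCH_ASSOC) !== false;

        // NOTE(review): the distinct messages below tell a caller whether a
        // username exists or is banned; a single generic failure message would
        // remove that signal. Wording left unchanged here.
        if ($fields_usr === false) {
            $err = "L'utente non esiste!";
        } elseif ($is_banned) {
            $err = "Sei stato bannato!";
        } elseif (!hash_equals((string) $fields_usr['password'], $password)) {
            // hash_equals() compares byte-for-byte in constant time. The previous
            // loose ==/!= treated two digests of the form "0e<digits>" as equal
            // numbers, accepting a wrong password in that case.
            $err = "Password non corretta!";
        } else {
            // Issue a fresh session id on privilege change so an id planted
            // before login cannot be reused (session fixation).
            if (session_status() === PHP_SESSION_ACTIVE) {
                session_regenerate_id(true);
            }
            $_SESSION['username'] = $fields_usr['username'];
            // NOTE(review): keeping the password hash in the session exposes it to
            // anything that can read session storage. Kept because other pages
            // may rely on it; confirm and drop if unused.
            $_SESSION['password'] = $fields_usr['password'];
            header('location: ../me.php');
            exit;
        }
    }
    echo '<center><div id="errore">'.$err.'</div></center>';
}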