Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- <html>
- <body>
- <?php
- session_start();
- $username = $_POST['username'];
- $password = $_POST['password'];
- $dbhost = 'localhost';
- $dbname = 'basiclogin';
- $dbuser = 'root';
- $dbpass = 'Password@1'; //not really
- $conn = mysql_connect($dbhost, $dbuser, $dbpass);
- mysql_select_db($dbname, $conn);
- $username = mysql_real_escape_string($username);
- $query = "SELECT password, salt
- FROM users
- WHERE username = '$username';";
- if (!mysql_query($query,$conn))
- {
- die('Error: ' . mysql_error());
- }
- $result = mysql_query($query);
- if(mysql_num_rows($result) < 1) //no such user exists
- {
- header('Location: login.php');
- }
- $userData = mysql_fetch_array($result, MYSQL_ASSOC);
- $hash = hash('sha256', $userData['salt'] . hash('sha256', $password) );
- if($hash != $userData['password']) //incorrect password
- {
- header('Location: login.php');
- }
- else
- {
- //Login Successful
- session_regenerate_id();
- $member = mysql_fetch_assoc($result);
- $_SESSION['SESS_MEMBER_ID'] = $member['member_id'];
- session_write_close();
- header("location: welcome.php");
- }
- ?>
- </body>
- </html>
Add Comment
Please, Sign In to add comment