<?php $username = $_REQUEST["txt_username"]; $password = $_REQUEST["txt_pass

1. <?php
2.     $username = $_REQUEST["txt_username"];
3.     $password = $_REQUEST["txt_password"];
4.    
5.     $host = "127.0.0.1";
6.     $user = "root";
7.     $pass = "12157114";
8.    
9.     try {
10.         $dbh = new PDO("mysql:host=$host;dbname=logansarchive", $user, $pass);
11.     }
12.     catch(PDOException $e) {
13.         echo $e->getMessage();
14.     }
15.    
16.     $hashed_pass = substr(sha1($password), 0, 10);
17.    
18.     $sql = "select * from admin where adminname = :name and password = :pass";
19.     //echo $sql."<br />Count: ";
20.     $result = $dbh->prepare($sql);
21.    
22.     $result->bindParam(":name", $username);
23.     $result->bindParam(":pass", $hashed_pass);
24.    
25.     $result->execute();
26.     $count = $result->fetchAll();
27.    
28.     //$link = mysql_connect($host, $user, $pass);
29.     //mysql_select_db("logansarchive", $link);
30.     //$result = mysql_query("select * from admin where adminname = '".$username."' and password = '".$hashed_pass."'", $link);
31.     //$numrows = mysql_num_rows($result);
32.    
33.     //$link = null;
34.     //$result = null;
35.    
36.     if ($count == 1) {
37.             foreach ($dbh->query($sql) as $row) {
38.             $_SESSION["adminid"] = $row["adminid"];
39.             $_SESSION["adminname"] = $row["adminname"];
40.             $_SESSION["lastlogin"] = $row["lastlogin"];
41.         }
42.         header("Location: /logansarchive/admin/index.php");
43.     }
44.     else {
45.         header("Location: /logansarchive/admin/login.php?login_attempt=1");
46.     }  
47. ?>
48.  
49.