- +---------+----------+--------
- | login_ID | Login_PW| auth |
- +-------=--+---------+--------
- | User_test| 123 | null |
- +----------+---------+--------
- <?php
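/**
 * Normalise a raw request value before it is used as a credential.
 *
 * Trims surrounding whitespace and, on legacy PHP builds where magic quotes
 * still exist and are enabled, removes the slashes they added. This is input
 * normalisation only: it does not make the value safe for SQL or HTML, so
 * callers must still bind it as a statement parameter and escape it on output.
 *
 * @param mixed $str Raw value, typically an element of $_POST.
 * @return string Trimmed value, or '' when the input is not a scalar
 *                (for example an array sent as username[]=x).
 */
function clean($str)
{
    // A request parameter can arrive as an array; trim() raises a TypeError
    // for that on PHP 8, and the former @trim() only hid the warning before.
    if (!is_scalar($str)) {
        return '';
    }

    $str = trim((string) $str);

    // get_magic_quotes_gpc() was removed in PHP 8.0, so calling it
    // unconditionally is a fatal error there. Only consult it where it exists;
    // the @ silences the PHP 7.4 deprecation notice.
    if (function_exists('get_magic_quotes_gpc') && @get_magic_quotes_gpc()) {
        $str = stripslashes($str);
    }

    return $str;
}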
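// Login handler: checks the posted credentials against the `login` table and,
// on a match, starts an authenticated session and redirects to the member page.
// Every other outcome ends in an explicit redirect or error, never a blank page.

// The session has to be active before session_regenerate_id() and $_SESSION
// are used; without it the login state is never persisted.
if (session_status() !== PHP_SESSION_ACTIVE) {
    session_start();
}

// Normalise the POST values. A missing field becomes '' so the variables are
// always defined before they are bound to the statement.
$username = isset($_POST['username']) ? clean($_POST['username']) : '';
$password = isset($_POST['password']) ? clean($_POST['password']) : '';

if ($username === '' || $password === '') {
    header("location: login-failed.php");
    exit();
}

/*
 * NOTE(review): the application connects as root with an empty password.
 * Use a dedicated account limited to the privileges this script needs, and
 * load its credentials from configuration kept outside the web root.
 */
$mysqli = mysqli_connect('localhost', 'root', '', 'draftdb');
if (mysqli_connect_errno()) {
    echo "Connection Failed: " . mysqli_connect_errno();
    exit();
}

/*
 * NOTE(review): Login_PW is compared as stored, which means the table holds
 * plaintext passwords (the sample row stores '123'). Store password_hash()
 * output instead, select the hash by Login_ID alone, and check it with
 * password_verify(). That needs a data migration, so it is not done here.
 */
$stmt = $mysqli->prepare("
    SELECT Login_ID
    FROM login
    WHERE Login_ID=? AND Login_PW=?
");
if ($stmt === false) {
    // Previously a failed prepare() fell through silently and produced an empty response.
    die("Query failed");
}

/* Both placeholders are bound as strings; user input never reaches the SQL text. */
$stmt->bind_param("ss", $username, $password);

if ($stmt->execute() === false) {
    die("Query failed");
}

/* A separate variable keeps the bound result from overwriting the submitted username. */
$stmt->bind_result($loginId);

// fetch() returns true only when a row matched. The query already enforced
// the credential check, so no second (loose ==) comparison against the raw
// $_POST values is needed; that comparison could fail after trimming and
// leave the request without any response.
$authenticated = ($stmt->fetch() === true);

$stmt->close();
$mysqli->close();

if ($authenticated) {
    // Issue a fresh session id and delete the old one so a pre-login session
    // id cannot be reused after authentication (session fixation).
    session_regenerate_id(true);
    // Store the value from the database row rather than raw request input.
    $_SESSION['username'] = $loginId;
    session_write_close();
    header("location: member-index.php");
    exit();
}

// No matching row. This redirect used to sit inside the fetch loop, which
// never runs when the result set is empty, so it could not fire.
header("location: login-failed.php");
exit();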
- <?php
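// Access gate for member-only pages: resume the session and redirect anyone
// who has not logged in.
session_start();

// The login script stores the authenticated user under 'username'.
// empty() covers both "not set" and "blank" without raising the undefined
// array key warning that !$_SESSION['username'] triggers for a visitor with
// no login; with display_errors on, that warning is printed before header()
// and breaks the redirect.
if (empty($_SESSION['username'])) {
    header("location: access-denied.php");
    exit();
}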
- ?>
- /* Execute it */
- $result = $stmt -> execute();
- $stmt -> store_result(); // buffers the result set client-side; $stmt->num_rows is only meaningful after this call
- .
- .
- .
- elseif($stmt -> num_rows == 0 ) // note $stmt instead of $result ($result is the bool returned by execute()). This elseif still sits inside the while ($stmt->fetch()) loop of the script above, and that loop body never runs when zero rows match, so the login-failed redirect has to move after the loop to take effect.