
Untitled

a guest
Mar 15th, 2019
  1. +---------+----------+--------
  2. | login_ID | Login_PW| auth |
  3. +-------=--+---------+--------
  4. | User_test| 123 | null |
  5. +----------+---------+--------
  6.  
  7.  
  8. <?php
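  /**
   * Normalise a submitted form value: trim surrounding whitespace and undo
   * legacy magic-quotes escaping on runtimes that still have that feature.
   *
   * This is input normalisation only. It does not make a value safe for SQL or
   * HTML; queries still need bound parameters and output still needs escaping.
   *
   * @param mixed $str Raw request value. Anything that is not a scalar yields ''.
   * @return string The trimmed value.
   */
  function clean($str)
  {
      // A parameter sent as name[]=x arrives as an array. trim() rejects that with
      // a TypeError on PHP 8, which the @ operator does not suppress.
      if (!is_scalar($str)) {
          return '';
      }

      $str = trim((string) $str);

      // get_magic_quotes_gpc() was removed in PHP 8.0 (and has returned false since
      // 5.4), so calling it unconditionally is a fatal error on current runtimes.
      if (function_exists('get_magic_quotes_gpc') && @get_magic_quotes_gpc()) {
          $str = stripslashes($str);
      }

      return $str;
  }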
  17.  
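  // Login handler: checks the submitted username/password against the `login`
  // table and, on a match, stores the username in the session and redirects.

  // Only accept plain strings from the request; an array-valued field
  // (username[]=x) is treated as missing.
  $submittedUser = (isset($_POST['username']) && is_string($_POST['username'])) ? $_POST['username'] : '';
  $submittedPass = (isset($_POST['password']) && is_string($_POST['password'])) ? $_POST['password'] : '';

  // Normalised copies used as the bound query parameters. They are always
  // defined, so bind_param() never receives an unset variable.
  $username = clean($submittedUser);
  $password = clean($submittedPass);

  // Empty credentials can never be a valid login; fail before touching the DB.
  if ($username === '' || $password === '') {
      header("location: login-failed.php");
      exit();
  }

  /* Create a new mysqli object with database connection parameters */
  // NOTE(review): this connects as root with an empty password. Use a dedicated
  // account that can only SELECT from `login`, and keep its credentials in
  // configuration outside the web root.
  $mysqli = mysqli_connect('localhost', 'root', '', 'draftdb');

  if (mysqli_connect_errno()) {
      echo "Connection Failed: " . mysqli_connect_errno();
      exit();
  }

  /* Is your username the same as the login_id? If not you need to change this query's where to use the username column not the login_id. */

  // NOTE(review): Login_PW is compared as stored, i.e. the table holds plaintext
  // passwords. Store password_hash() output instead, select the row by Login_ID
  // only, and check it with password_verify().
  $stmt = $mysqli->prepare("
SELECT Login_ID, Login_PW
FROM login
WHERE Login_ID=? AND Login_PW=?
");

  // prepare() returns false on failure; previously that case fell through
  // silently and produced an empty response.
  if ($stmt === false) {
      $mysqli->close();
      die("Query failed");
  }

  /* Bind parameters: one type character per placeholder, "s" = string */
  $stmt->bind_param("ss", $username, $password);

  /* Execute it */
  if ($stmt->execute() === false) {
      die("Query failed");
  }

  // Bind the result columns to their own variables so the submitted values are
  // not overwritten by the fetched ones.
  $stmt->bind_result($dbLoginId, $dbLoginPw);

  $loggedIn = false;

  /* Iterate over the results of the query. */
  while ($stmt->fetch()) {
      // Strict, type-safe comparison against the raw submitted values. The
      // previous loose == treated numeric-looking strings such as "123" and
      // " 123" as equal.
      if ($submittedUser === (string) $dbLoginId && hash_equals((string) $dbLoginPw, $submittedPass)) {
          $loggedIn = true;
          break;
      }
  }

  /* Close statement and connection before any redirect */
  $stmt->close();
  $mysqli->close();

  if ($loggedIn) {
      // $_SESSION is only persisted once a session is active; nothing in this
      // script started one before.
      if (session_status() !== PHP_SESSION_ACTIVE) {
          session_start();
      }

      // New session id on privilege change, and discard the old session data,
      // so a pre-login session id cannot be reused (session fixation).
      session_regenerate_id(true);
      $_SESSION['username'] = $submittedUser;

      session_write_close();
      header("location: member-index.php");
      exit();
  }

  // The failure redirect has to live outside the fetch loop: with zero matching
  // rows the loop body never runs, so the old in-loop num_rows check (made on
  // the boolean returned by execute()) could never fire.
  header("location: login-failed.php");
  exit();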
  99.  
  100. <?php
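  // Start (or resume) the session so $_SESSION is populated.
  session_start();

  // Gate the page on the 'username' session key. empty() treats a missing key
  // the same as a falsy value without raising an "undefined array key" warning;
  // with display_errors on, that warning is output before header() and stops the
  // redirect from being sent.
  if (empty($_SESSION['username'])) {
      header("location: access-denied.php");
      // Stop here so none of the protected page below is rendered.
      exit();
  }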
  109. ?>
  110.  
  111. /* Execute it */
  112. $result = $stmt -> execute();
  113. $stmt -> store_result();
  114.  
  115. .
  116. .
  117. .
  118.  
  119. elseif($stmt -> num_rows == 0 ) // note $stmt instead of $result