Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- if(isset($_POST['login'])) {
- $username = mysql_real_escape_string($_POST['username']);
- $password = mysql_real_escape_string($_POST['password']);
- $enc_password = hash('sha512', $password);
- $q = "SELECT id, username, password, flag FROM user WHERE username='".mysql_real_escape_string($_POST['username'])."' AND password='".mysql_real_escape_string($enc_password)."'";
- $res = mysql_query($q) or die(mysql_error());
- if(mysql_num_rows($res) < 1 && !empty($_POST['username']) && !empty($enc_password)) {
- header('Location: user.php?loginerror=');
- exit;
- }
- while($row = mysql_fetch_array($res)) {
- $_SESSION['id'] = mysql_real_escape_string($row['id']);
- $_SESSION['user'] = mysql_real_escape_string($row['username']);
- $_SESSION['flag'] = mysql_real_escape_string($row['flag']);
- header('Location: user.php');
- exit;
- }
- }
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement