Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- <?php include('header.php'); ?>
- <?php
- $output = NULL;
- // Check Form
- if(isset($_POST['submit'])){
- $username = $_POST['username'];
- $password = $_POST['password'];
- if(empty($username) || empty($password)) {
- $output .= "Please enter all fields";
- } else {
- //Connect to the database
- $mysqli = new mysqli('localhost','root','','movie_talk');
- $username = $mysqli->real_escape_string($username);
- $password = $mysqli->real_escape_string($password);
- $query12 = mysqli_query($mysqli , "SELECT * FROM users WHERE username = '$username'");
- $UserRow = mysqli_fetch_array($query12);
- $query = $mysqli->query("SELECT * FROM users WHERE username = '$username' AND password = ('$password')");
- $query2 = mysqli_query($mysqli, "SELECT * FROM users WHERE username = '$username' AND password = ('$password')");
- $row = mysqli_fetch_array($query2);
- if($query->num_rows == 0){
- $output = "Invalid username/password";
- } else{
- //User logged in successfully
- $_SESSION['loggedin'] = TRUE;
- $_SESSION['user'] = $username;
- $_SESSION['access_level'] = $row['access_level'];
- $_SESSION['real_name'] = $row['real_name'];
- $_SESSION['email'] = $row['email'];
- $_SESSION['birth_year'] = $row['birth_year'];
- $_SESSION['country'] = $row['country'];
- $output = "Login Successful";
- }
- }
- }
- if(!isset($_SESSION['loggedin'])) {
- // Display login form
- echo "Welcome Guest.<p />";
- ?>
- <form method="POST">
- Username: <input type="TEXT" name="username" />
- <p />
- Password: <input type="PASSWORD" name="password" />
- <br/>
- <input type="SUBMIT" name="submit" value="Log In" />
- <form>
- <?php
- } else {
- //Display welcome user
- }
- if (strtotime ($UserRow["banned_until"]) > time())
- {
- echo "You have been banned";
- session_destroy();
- }
- echo $output;
- if(isset($_SESSION['loggedin'])) {
- header('refresh:1;index.php');
- }
- ?>
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
