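<?php
/**
 * Login handler.
 *
 * Redirects a session that already carries login keys; otherwise, when the
 * login form is posted, looks the credentials up in the `users` table and on
 * a match marks the session as logged in and sends the browser to /panel/.
 * On failure $msg is set to a user-facing error text.
 *
 * Depends on the included configuration file for $DB_H (mysqli handle) and
 * $php['HTTP_HOST']; presumably that file also starts the session (confirm).
 */
require_once("../_php_includes/_PHP_Conf.inc.php");

/*** a session that already holds both keys is treated as logged in ***/
// NOTE(review): if $php['HTTP_HOST'] is derived from the request's Host header,
// the redirect target is client-influenced; confirm it comes from fixed config.
if (isset($_SESSION['username'], $_SESSION['password'])) {
    header("Location: " . $php['HTTP_HOST'] . "/pages/home");
    return 1;
}

if (isset($_POST['login'])) {
    // NOTE(review): a fixed salt embedded in source plus one round of SHA-256 is
    // not a password hash. Move to password_hash()/password_verify() together
    // with a migration of the stored values.
    $salt = '78sdjs86d2h';

    // Missing or non-string fields (e.g. username[]=x) become empty strings so
    // they fail the lookup instead of raising a TypeError in addslashes().
    $rawUsername = is_string($_POST['username'] ?? null) ? $_POST['username'] : '';
    $rawPassword = is_string($_POST['password'] ?? null) ? $_POST['password'] : '';

    // NOTE(review): both values are bound as statement parameters below, so this
    // escaping adds nothing against SQL injection and alters any input that
    // contains quotes or backslashes. It is kept so lookups behave as before;
    // drop it once the account-creation path is confirmed to store raw values.
    $username = mysqli_real_escape_string($DB_H, addslashes($rawUsername));
    $password = mysqli_real_escape_string($DB_H, addslashes($rawPassword));

    // NOTE(review): $hash is computed but never used. The query compares the
    // submitted password itself with users.password, which suggests the column
    // holds plaintext or that this path disagrees with how accounts are
    // created. Verify against the registration code before changing it.
    $hash1 = hash('sha256', $password . $salt);
    $hash = strtoupper($hash1);

    $user_id = false;
    $dbFailed = false;

    try {
        // NOTE(review): connects as root with an empty password, hard-coded
        // here; use a least-privilege account with credentials kept in config.
        $dbh = new PDO("mysql:host=localhost;dbname=zp_hid12129", "root", "");
        $dbh->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);

        $stmt = $dbh->prepare("SELECT id, name, password FROM users
            WHERE name = :numele AND password = :parola");

        /*** bind the parameters ***/
        $stmt->bindValue(':numele', $username, PDO::PARAM_STR);
        $stmt->bindValue(':parola', $password, PDO::PARAM_STR);

        /*** execute the prepared statement ***/
        $stmt->execute();

        /*** first column of the first row (id), or false when no row matched ***/
        $user_id = $stmt->fetchColumn();
    } catch (PDOException $e) {
        // An uncaught PDOException can put connection details on the page when
        // error display is on; log it server-side and show a generic message.
        error_log('Login lookup failed: ' . $e->getMessage());
        $dbFailed = true;
    }

    if ($dbFailed) {
        $msg = "Autentificarea nu este disponibilă momentan. Încercați din nou mai târziu.";
    } elseif ($user_id === false) {
        /*** no matching row: strict check so an id of 0 is not read as a failure ***/
        $msg = "Datele introduse sunt greșite!";
    } else {
        // Issue a fresh session id at the privilege change so an id fixed
        // before login cannot be reused afterwards.
        if (session_status() === PHP_SESSION_ACTIVE && !headers_sent()) {
            session_regenerate_id(true);
        }

        /*** mark the session as logged in ***/
        $_SESSION['username'] = $username;
        // NOTE(review): the password is kept in session data only because the
        // logged-in check above tests for this key (other pages may too).
        // Replace it with the user id so the credential is not stored there.
        $_SESSION['password'] = $password;

        echo "
        <script type='text/javascript'>
        <!--
        function Redirect()
        {
        window.location='/panel/';
        }
        setTimeout('Redirect()', 50);
        //-->
        </script>";
    }
}
?>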