// Reference login lookup written against the legacy ext/mysql API
// (removed in PHP 7.0). Both user-supplied values are escaped before being
// placed inside the double-quoted SQL literals; a parameterized query is the
// preferred replacement when porting this to mysqli or PDO.
$query = sprintf(
    'SELECT admin_level FROM site_user WHERE username = "%s" AND password = PASSWORD("%s")',
    mysql_real_escape_string($username, $db),
    mysql_real_escape_string($password, $db)
);
- Warning: mysqli_error() expects exactly 1 parameter, 2 given in /login.php on line 19
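<?php
// Login page: checks the posted credentials against the `usuarios` table and,
// on success, stores the user name and admin level in the session.
session_start();
include_once('../includes/db.inc.php');
include_once('header.php');

// Filter incoming values. Non-string input (e.g. user_usuario[]=x) is treated
// as missing so it can never reach the query or the HTML below.
$usuario = (isset($_POST['user_usuario']) && is_string($_POST['user_usuario']))
    ? trim($_POST['user_usuario'])
    : '';
$password = (isset($_POST['user_password']) && is_string($_POST['user_password']))
    ? $_POST['user_password']
    : '';
$redirect = (isset($_REQUEST['redirect']) && is_string($_REQUEST['redirect']))
    ? $_REQUEST['redirect']
    : 'main.php';

// The redirect target is attacker-controllable (it comes from $_REQUEST) and is
// used in a response header and in an href. Accept only same-site relative
// paths: no scheme, no leading "//", no quotes, backslashes or control
// characters. Anything else falls back to the default page.
if (!preg_match('~^(?!//)[A-Za-z0-9_./-]+(\?[A-Za-z0-9_.=&%-]*)?\z~', $redirect)) {
    $redirect = 'main.php';
}

// Shown instead of the raw MySQL error text, which is written to the log.
$internalError = '<p><strong>Error interno. Por favor intenta de nuevo mas tarde.</strong></p>';

// `new mysqli` returns an object even when the connection fails, so the
// connection has to be checked through connect_errno rather than truthiness.
$db = @new mysqli(HOSTNAME, MYSQLUSER, MYSQLPASS, MYSQLDB);
if ($db->connect_errno) {
    error_log('login.php: database connection failed: ' . $db->connect_error);
    $db = null;
    $error = $internalError;
}

if ($db !== null && isset($_POST['submit'])) {
    // Parameterized query: the values never become part of the SQL text.
    // NOTE(review): the original WHERE clause had no column name before the
    // user value; `user_usuario` is assumed from the form field and session
    // key -- confirm against the `usuarios` schema.
    // NOTE(review): PASSWORD() is MySQL's internal account hash, is not meant
    // for application passwords and was removed in MySQL 8.0. It is kept here
    // only so existing rows still match; plan a migration to
    // password_hash()/password_verify().
    $stmt = $db->prepare(
        'SELECT user_admin_level FROM usuarios ' .
        'WHERE user_usuario = ? AND user_password = PASSWORD(?)'
    );

    $ok = ($stmt !== false)
        && $stmt->bind_param('ss', $usuario, $password)
        && $stmt->execute();

    if (!$ok) {
        // mysqli_error() takes the connection only; log the detail server-side
        // instead of printing it to the visitor.
        error_log('login.php: login query failed: ' . $db->error);
        if ($stmt !== false) {
            $stmt->close();
        }
        $error = $internalError;
    } else {
        $stmt->bind_result($adminLevel);
        $found = ($stmt->fetch() === true);
        $stmt->close();

        if ($found) {
            $db->close();

            // Issue a fresh session id on privilege change (session fixation).
            // NOTE(review): this and header() below need headers not yet sent;
            // header.php is included above and presumably prints HTML --
            // confirm output buffering is enabled or move that include.
            session_regenerate_id(true);
            $_SESSION['user_usuario'] = $usuario;
            $_SESSION['logged'] = 1;
            $_SESSION['user_admin_level'] = $adminLevel;

            header('Refresh: 5; URL=' . $redirect);
            echo '<p>Seras re-dirigido a la pagina anterior.</p>';
            echo '<p>Si tu navegador no lo hace automaticamente, ' .
                '<a href="' . htmlspecialchars($redirect, ENT_QUOTES, 'UTF-8') . '">clic aqui</a>.</p>';
            die();
        }

        // Reset these, just to be safe.
        $_SESSION['user_usuario'] = '';
        $_SESSION['logged'] = 0;
        $_SESSION['user_admin_level'] = 0;
        $error = '<p><strong>Has ingresado un Usuario o Paswword no valido!</strong>'.
            ' Clic aqui para <a href="register.php"> Registrarte</a> si aun no lo has hecho.</p>';
    }
}
?>
<h1>Login</h1>
<?php
// $error is only ever assigned one of the fixed strings above, never user input.
if (isset($error)) {
    echo $error;
}

// Every value echoed into the form is HTML-escaped. The submitted password is
// deliberately not echoed back into the page.
// NOTE(review): $token is not assigned or verified anywhere in this script; it
// presumably comes from an include. If it is meant as a CSRF token, compare the
// posted user_token against the stored value before the login query runs.
?>
<form action="login.php" method="post">
<div class="maintform">
<p class="formulario"><label for="name">Usuario: </label> <input maxlength="20" type="text" name="user_usuario" id="user_usuario" value="<?php echo htmlspecialchars($usuario, ENT_QUOTES, 'UTF-8'); ?>" /></p>
<p class="formulario"><label for="name">Contraseña:</label> <input maxlength="20" type="password" name="user_password" id="user_password" value="" /></p>
<p class="formulario">
<input type="hidden" name="redirect" value="<?php echo htmlspecialchars($redirect, ENT_QUOTES, 'UTF-8'); ?>"/>
<input class="ok" type="submit" name="submit" value="Login"/>
<input class="no_ok" type="reset" name="testform" value="Restablecer" />
</p>
<input type="hidden" name="user_token" id="user_token" value="<?php echo isset($token) ? htmlspecialchars($token, ENT_QUOTES, 'UTF-8') : ''; ?>"/>
</div>
</form>
<?php
if ($db !== null) {
    $db->close();
}
?>
<?php include_once('footer.php'); ?>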
- if (isset($_POST['submit'])) {
- $query = 'SELECT user_admin_level FROM usuarios WHERE ' . mysqli_real_escape_string($db,$usuario) .
- '" AND ' . 'user_password = PASSWORD("' . mysqli_real_escape_string($db,$password) . '")';
- $result = mysqli_query($db,$query) or die (mysqli_error($db,$query));
- mysqli_real_escape_string