
Untitled

a guest
Nov 12th, 2016
  1. $query = 'SELECT admin_level FROM site_user WHERE ' .
  2. 'username = "' . mysql_real_escape_string($username, $db) .
  3. '" AND ' .
  4. 'password = PASSWORD("' . mysql_real_escape_string($password, $db) . '")';
  5.  
  6. Warning: mysqli_error() expects exactly 1 parameter, 2 given in /login.php on line 19
  7.  
  8. <?php
  9. session_start();
  10. include_once('../includes/db.inc.php');
  11. include_once('header.php');
  12. ?>
  13.  
  14. <?php
  15. if ($db = @new mysqli (HOSTNAME, MYSQLUSER, MYSQLPASS, MYSQLDB)){
  16.  
  17. // filtrare i valori in entrata
  18. $usuario = (isset($_POST['user_usuario'])) ? trim($_POST['user_usuario']) : '';
  19. $password = (isset($_POST['user_password'])) ? $_POST['user_password'] : '';
  20. $redirect = (isset($_REQUEST['redirect'])) ? $_REQUEST['redirect'] : 'main.php';
  21.  
  22. if (isset($_POST['submit'])) {
  23. $query = 'SELECT user_admin_level FROM usuarios WHERE ' . mysqli_real_escape_string($db,$usuario) .
  24. '" AND ' . 'user_password = PASSWORD("' . mysqli_real_escape_string($db,$password) . '")';
  25.  
  26. $result = mysqli_query($db,$query) or die (mysqli_error($db,$query));
  27.  
  28. if (mysql_num_rows($result) > 0) {
  29. $row = mysql_fetch_assoc($result);
  30. $_SESSION['user_usuario'] = $usuario;
  31. $_SESSION['logged'] = 1;
  32. $_SESSION['user_admin_level'] = $row['user_admin_level'];
  33. header ('Refresh: 5; URL=' . $redirect);
  34. echo '<p>Seras re-dirigido a la pagina anterior.</p>';
  35. echo '<p>Si tu navegador no lo hace automaticamente, ' .
  36. '<a href="' . $redirect . '">clic aqui</a>.</p>';
  37. mysql_free_result($result);
  38. mysql_close($db);
  39. die();
  40. }
  41. else {
  42.  
  43. // Riasicurare queste, solo per sicurezza
  44. $_SESSION['user_usuario'] = '';
  45. $_SESSION['logged'] = 0;
  46. $_SESSION['user_admin_level'] = 0;
  47. $error = '<p><strong>Has ingresado un Usuario o Paswword no valido!</strong>'.
  48. ' Clic aqui para <a href="register.php"> Registrarte</a> si aun no lo has hecho.</p>';
  49. }
  50. mysqli_free_result($result);
  51. }
  52. }
  53. ?>
  54. <h1>Login</h1>
  55. <?php
  56. if (isset($error)) {
  57. echo $error;
  58. }
  59. ?>
  60. <form action="login.php" method="post">
  61. <div class="maintform">
  62. <p class="formulario"><label for="name">Usuario: </label> <input maxlength="20" type="text" name="user_usuario" id="user_usuario" value="<?php echo $usuario; ?>" /></p>
  63. <p class="formulario"><label for="name">Contrase&ntilde;a:</label> <input maxlength="20" type="password" name="user_password" id="user_password" value="<?php echo $password; ?>" /></p>
  64. <p class="formulario">
  65. <input type="hidden" name="redirect" value="<?php echo $redirect ?>"/>
  66. <input class="ok" type="submit" name="submit" value="Login"/>
  67. <input class="no_ok" type="reset" name="testform" value="Restablecer" />
  68. </p>
  69. <input type="hidden" name="user_token" id="user_token" value="<?php echo $token; ?>"/>
  70. </div>
  71. </form>
  72.  
  73. <?php
  74. mysqli_close($db);
  75. ?>
  76.  
  77. <?php include_once('footer.php'); ?>
  78.  
  79. if (isset($_POST['submit'])) {
  80. $query = 'SELECT user_admin_level FROM usuarios WHERE ' . mysqli_real_escape_string($db,$usuario) .
  81. '" AND ' . 'user_password = PASSWORD("' . mysqli_real_escape_string($db,$password) . '")';
  82.  
  83. $result = mysqli_query($db,$query) or die (mysqli_error($db,$query));
  84.  
  85. mysqli_real_escape_string