function gosubmit(event:MouseEvent) { if (username.text != "" && password.te

1. function gosubmit(event:MouseEvent) {
2. if (username.text != "" && password.text != "") {
3. var phpVars:URLVariables = new URLVariables();
4. var phpFileRequest:URLRequest = new URLRequest();
5. phpFileRequest.url = "php/controlpanel.php";
6. phpFileRequest.method = URLRequestMethod.POST;
7. phpFileRequest.data = phpVars;
8.  
9. var phpLoader:URLLoader = new URLLoader();
10. phpLoader.dataFormat = URLLoaderDataFormat.VARIABLES;
11. phpLoader.addEventListener(Event.COMPLETE, execResult);
12.  
13. phpVars.username = username.text;
14. phpVars.password = password.text;
15.  
16. phpLoader.load(phpFileRequest);
17. phpLoader.addEventListener(Event.COMPLETE, execResult);
18.  
19. function execResult(event:Event) {
20. trace(event.target.data.execResult);
21. }
22. }
23.  
24. <?php
25.  
26. mysql_connect("localhost", "root", "password");
27. // change localhost to something else later
28. // change password to something else later
29. mysql_select_db("game");
30.  
31. $username = mysql_real_escape_string($_POST['username']);
32. $password = mysql_real_escape_string($_POST['password']);
33. $salt_mysql = mysql_query("SELECT salt FROM players WHERE username='".$username."'");
34. $salt = salt_row["salt"];
35.  
36. $unhashed_password = $password.$salt;
37. $password = hash("SHA256", $unhashed_password);
38.  
39. $exec_mysql = mysql_query("SELECT * FROM players WHERE username='".$username."' AND password='".$password."'");
40.  
41. if (mysql_num_rows($exec_mysql)) == 1 {
42. echo "execResult=login_accepted";
43. }
44.  
45. if (mysql_num_rows($exec_mysql)) == 0 {
46. echo "execResult=login_rejected";
47. }
48.  
49. else {
50. echo "execResult=error";
51. }
52.  
53. ?>
54.  
55. =&execResult=test