Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- function gosubmit(event:MouseEvent) {
- if (username.text != "" && password.text != "") {
- var phpVars:URLVariables = new URLVariables();
- var phpFileRequest:URLRequest = new URLRequest();
- phpFileRequest.url = "php/controlpanel.php";
- phpFileRequest.method = URLRequestMethod.POST;
- phpFileRequest.data = phpVars;
- var phpLoader:URLLoader = new URLLoader();
- phpLoader.dataFormat = URLLoaderDataFormat.VARIABLES;
- phpLoader.addEventListener(Event.COMPLETE, execResult);
- phpVars.username = username.text;
- phpVars.password = password.text;
- phpLoader.load(phpFileRequest);
- phpLoader.addEventListener(Event.COMPLETE, execResult);
- function execResult(event:Event) {
- trace(event.target.data.execResult);
- }
- }
- <?php
- mysql_connect("localhost", "root", "password");
- // change localhost to something else later
- // change password to something else later
- mysql_select_db("game");
- $username = mysql_real_escape_string($_POST['username']);
- $password = mysql_real_escape_string($_POST['password']);
- $salt_mysql = mysql_query("SELECT salt FROM players WHERE username='".$username."'");
- $salt = salt_row["salt"];
- $unhashed_password = $password.$salt;
- $password = hash("SHA256", $unhashed_password);
- $exec_mysql = mysql_query("SELECT * FROM players WHERE username='".$username."' AND password='".$password."'");
- if (mysql_num_rows($exec_mysql)) == 1 {
- echo "execResult=login_accepted";
- }
- if (mysql_num_rows($exec_mysql)) == 0 {
- echo "execResult=login_rejected";
- }
- else {
- echo "execResult=error";
- }
- ?>
- =&execResult=test
Add Comment
Please, Sign In to add comment