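<?php // file users/login.php
// Login handler: checks the posted username/password against the users table
// and, on a match, stores the username in the session and redirects.

// Start (or resume) the session so the login state can be kept in $_SESSION.
session_start();

// Presumably opens the database connection that the mysql_* calls below use
// implicitly (they take no link argument) - confirm in db_config.php.
// NOTE(review): the mysql_* extension was removed in PHP 7.0. Once
// db_config.php exposes a PDO or mysqli handle, replace the string-built query
// below with a prepared statement and bound parameters.
require_once('db_config.php');

// Read the submitted credentials. A missing or non-string field (for example
// an array posted as username[]) is treated as empty instead of raising a
// notice or handing an array to substr().
$username = (isset($_POST['username']) && is_string($_POST['username'])) ? $_POST['username'] : '';
$password = (isset($_POST['password']) && is_string($_POST['password'])) ? $_POST['password'] : '';

// Cap both values at 32 bytes and strip markup, as the original did.
// NOTE(review): neither step defends against SQL injection; the escaping in
// the query below is what does that. strip_tags() also silently changes any
// password containing '<'. Both transformations are kept only so the value
// compared here matches whatever registration stored - confirm against the
// registration code before removing them.
$username = strip_tags(substr($username, 0, 32));
$password = strip_tags(substr($password, 0, 32));

// NOTE(review): the original computed crypt(md5($password), md5($username))
// into $cleanpw and never used it, so that dead assignment is dropped. The
// query compares the submitted password text with the password column
// directly, which only works if the column holds the password as typed -
// confirm. MD5 with a username-derived salt is not a suitable password hash
// in any case: store password_hash() output, select the row by username only,
// and check the submitted password with password_verify().

// mysql_real_escape_string() escapes quote characters for the current
// connection; it does not encrypt anything. Its escaping is only reliable
// when the connection charset was set with mysql_set_charset().
$query = "SELECT username, password FROM users WHERE username='"
    . mysql_real_escape_string($username)
    . "' AND password='"
    . mysql_real_escape_string($password)
    . "' LIMIT 1";
$login_result = mysql_query($query);

// mysql_query() returns false on failure; log that server-side and treat it
// as a failed login rather than passing false to mysql_num_rows().
$row = false;
if ($login_result === false) {
    error_log('login query failed: ' . mysql_error());
} elseif (mysql_num_rows($login_result) == 1) { // test for single row
    $row = mysql_fetch_assoc($login_result);
}

if ($row !== false) {
    // Issue a fresh session id on login so an id planted before
    // authentication (session fixation) does not become a logged-in session.
    session_regenerate_id(true);
    // Take the username from the fetched row. The original indexed the
    // integer row count ($count['username']), which always yields null.
    $_SESSION['username'] = $row['username'];
    header('Location:login_success.php');
    // Stop here so nothing else runs or is sent after the redirect header.
    exit;
}
else {
    // Same message for an unknown user and a wrong password, so the response
    // does not reveal which usernames exist.
    echo "wrong username and password";
}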