Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- <?php
- // SQL Injection protection
- function filterprot($var,$regex) {
- $var = stripslashes($var);
- $var = mysql_real_escape_string($var);
- if (preg_match($regex,$var)) {
- return $var;
- }
- return false;
- }
- $host="10.246.16.25"; // Host name
- $username="ghagen_com"; // Mysql username
- $password="??"; // Mysql password
- $db_name="ghagen_com"; // Database name
- $tbl_name="spotifyuser"; // Table name
- session_start();
- // Default values: logged in
- $auth = false;
- $userlevel = 99;
- // Validating session
- if(session_is_registered(User)){
- $User = $_SESSION['User'];
- $Pass = $_SESSION['Pass'];
- mysql_connect("$host", "$username", "$password")or die("cannot connect");
- mysql_select_db("$db_name")or die("cannot select DB");
- $User = filterprot($User,'/^[a-zA-Z0-9.]+$/');
- $Pass = filterprot($Pass,'/^[a-zA-Z0-9]+$/');
- if ($Pass && $User) {
- // Trying to select the email address and the maching password for the db
- $result = mysql_query("SELECT * FROM $tbl_name WHERE User='$User' and Pass='$Pass'");
- // If result matched $uemail and $upswd, table row must be 1 row
- $count = mysql_num_rows($result);
- if($count == 1){
- // Fetching data from db
- $row = mysql_fetch_array($result);
- // Setting global variables
- global $auth,$User,$Pass;
- $auth = true;
- $User = $row['User'];
- $Pass = $row['Pass'];
- }
- else { mysql_close(); }
- }
- else { mysql_close(); }
- }
- else {
- // Login failed
- $auth = false;
- $userlevel = 99;
- }
- ?>
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
