Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- //top of code
- <?php
- //Display errors; COMMENT OUT WHEN NOT DEBUGGING
- ini_set('display_errors', 1);
- ini_set('display_startup_errors', 1);
- error_reporting(E_ALL);
- //DB
- require('lib/func.php');
- //The function looks like this
- //Checks if user is already logged in and redirects.
- if (isset($_SESSION['user'])){
- $user = getUserInfo($_SESSION['user']);
- if ($user != null) {
- if ($user['admin'] == 1) {
- header('Location: admin.php');
- exit;
- } else {
- header('Location: login.php');
- }
- }
- }
- if (isset($_POST)){
- if(sizeof($_POST) > 0) {
- $user = mysqli_real_escape_string($link, trim($_POST['username'])); //error
- $pass = mysqli_real_escape_string($link, trim($_POST['password'])); //error
- if(isValidAdminUser($user,$pass)) {
- persistUser($user);
- header('Location: admin.php');
- exit;
- } elseif(isValidStateUser($user,$pass)) {
- persistUser($user);
- header('Location: /');
- exit;
- } else {
- $error = "Invalid username or password";
- }
- }
- }
- //what am i missing from this? what's am i doing wrong/needs improvement?
- //top of file
- <?php
- include("define.mysqli.php");
- if(!isset($_SESSION)){
- session_start();
- }
- //....
- function isValidAdminUser($uname,$pass) {
- $query = "SELECT * FROM users WHERE login = '$uname' AND admin = 1";
- $result = mysqli_query($link, $query) or die(mysqli_error($link)); //error
- if(mysqli_num_rows($result) > 0) {
- $user = mysqli_fetch_array($result); //error
- if(md5($pass) == $user['password'])
- return true;
- }
- return false;
- }
- //the original code was
- function isValidAdminUser($uname,$pass) {
- $query = "SELECT * FROM users WHERE login = '$uname' AND admin = 1";
- $result = mysql_query($query) or die(mysql_error()); //error
- if(mysqli_num_rows($result) > 0) {
- $user = mysqli_fetch_array($result); //error
- if(md5($pass) == $user['password']) {
- return true;
- }
- }
- return false;
- }
- //i changed it to mysqli best i could but $link is undefined???
- //in same code as above
- <?php
- # FileName="Connection_php_mysql.htm"
- # Type="MYSQL"
- # HTTP="true"
- if(!isset($_SESSION)){
- session_start();
- }
- if(!defined("DATABASE_PREFIX"))
- define("DATABASE_PREFIX","dbr_");
- $hostname = "127.0.0.1";
- $username = "*correct_username";
- $password = "*correct_password";
- $database = "*correct_database";
- $link = mysqli_connect($hostname, $username, $password, $database);
- if(!$link) {
- echo "Error: Unable to connect to MySQL." . PHP_EOL;
- echo "Debugging errno: " . mysqli_connect_errno() . PHP_EOL;
- echo "Debugging error: " . mysqli_connect_error() . PHP_EOL;
- exit;
- }
- //echo "Success: Established MySQL connection." . PHP_EOL;
- //echo "Host Information: " . mysqli_get_host_info($link) . PHP_EOL;
- mysqli_close($link);
- ?>
Add Comment
Please, Sign In to add comment