Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- <?php
- session_start();
- /* function for stripping slashes and protecting from SQL injection */
- function _safedata($input) {
- // strip slashes from input
- if(get_magic_quotes_gpc()) {
- $input = stripslashes($input);
- }
- //quote if not a number
- if(!is_numeric($input)) {
- $input = "'".mysql_real_escape_string($input)."'";
- }
- return $input;
- }
- $username = $_POST['username'];
- $password = $_POST['password'];
- $username = _safedata($username);
- $password = _safedata($password);
- $userid="user";
- $passid="pass";
- $dbname = "pages_db";
- $link = mysql_connect("localhost", "$userid", "$passid");
- if(!$link) {
- die('Could not connect: '.mysql_error());
- }
- /* open database */
- $connectdb = mysql_select_db("$dbname", $link);
- if(!$connectdb) {
- die('Could not connect to '.$dbname.': '.mysql_error());
- }
- else {
- $testConn = "<br />connected to <b>".$dbname."</b>";
- }
- /*
- grab user from database and test against given username
- */
- $usercheck = mysql_query("SELECT userid from user where username='$username'");
- $getRows_user = mysql_num_rows($usercheck);
- if($getRows_user==1){
- $user = "good";
- $passcheck = mysql_query("SELECT * FROM user where username='$username' AND password='$password'");
- $getRows_pass = mysql_num_rows($passcheck);
- if($getRows_pass==1) {
- $pass = "good";
- //set session data for username.
- $_SESSION['username'] = $username;
- } else {
- $pass = "incorrect password, please try again.";
- $credMsg = "Password error";
- }
- }else {
- $user = "Username incorrect, please make sure you capitalise your username properly.";
- }
- $sql = mysql_query("SELECT * from user Where username='$username' AND password='$password'");
- ?>
- <html>
- <head>
- <title>login</title>
- <meta http-equiv="refresh" content="10;url=index.php">
- <link rel="stylesheet" type="text/css" href="css/base.css" />
- </head>
- <body><div id="wrapper">
- <h2>PitFighter</h2>
- <p>
- <?php
- if(!$username) {
- echo "please provide a valid username and password";
- } else {
- echo "username: ".$username." password: ".$password;
- }
- echo "<br />".$testConn;
- while($result=mysql_fetch_array($sql)) {
- echo "<br />First name: ".$result['fname']."<br />Last name: ".$result['lname']."<br />";
- echo "<br />Email address: ".$result['email']."<br />Location: ".$result['location'];
- }
- echo "<br />";
- if($user <> "good") {
- echo $user;
- }
- if($pass <> "good") {
- echo $pass;
- }
- ?>
- <br />click <a href="index.php">here</a> to return to homepage [page will redirect home in 10 seconds].
- </p></div>
- </body>
- </html>
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement