
Untitled

a guest
Aug 7th, 2017
  1. <?php
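  // Harden the session before it starts: only accept session IDs this server
  // issued, never take the ID from the URL, and keep the cookie out of reach
  // of page scripts. This page stores the login state in $_SESSION.
  // NOTE(review): also enable session.cookie_secure once the site is served
  // over HTTPS only (the transport is not visible from this file).
  ini_set('session.use_strict_mode', '1');
  ini_set('session.use_only_cookies', '1');
  ini_set('session.cookie_httponly', '1');
  session_start();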
  3.  
  /**
   * Legacy helper: turn one request value into a fragment for a MySQL statement.
   *
   * Behaviour:
   *  - when magic quotes are enabled, the added slashes are stripped first;
   *  - a value that is_numeric() accepts is returned as-is, WITHOUT quotes;
   *  - any other value is escaped with mysql_real_escape_string() and wrapped
   *    in single quotes, so the result is already a complete string literal.
   *
   * Security notes for callers:
   *  - Insert the return value into the statement without adding quotes of
   *    your own; a second pair of quotes around it produces a malformed literal.
   *  - Numeric-looking input is inlined unquoted. Compared against a text
   *    column it goes through MySQL's implicit type conversion rather than a
   *    string comparison. Bound parameters avoid this class of problem.
   *  - mysql_real_escape_string() is called without a link identifier, so it
   *    uses the most recently opened connection: call this helper only after
   *    mysql_connect() has succeeded.
   *  - The escaping is for SQL only. The result is not safe to print into
   *    HTML; use htmlspecialchars() on output.
   *  - ext/mysql was removed in PHP 7.0 and get_magic_quotes_gpc() in PHP 8.0.
   *    New code should use PDO or mysqli prepared statements instead.
   *
   * @param mixed $input Raw request value.
   * @return mixed The numeric value unchanged, or a quoted and escaped literal.
   */
  function _safedata($input) {
      // Undo magic-quotes escaping so the value is not escaped twice.
      $magicQuotesOn = get_magic_quotes_gpc();
      if ($magicQuotesOn) {
          $input = stripslashes($input);
      }

      // Numbers are handed back untouched and unquoted.
      if (is_numeric($input)) {
          return $input;
      }

      // Everything else becomes a single-quoted, escaped string literal.
      return "'" . mysql_real_escape_string($input) . "'";
  }
  18.  
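  /*
   * Login handler and result page.
   *
   * Reads the submitted username and password, checks them against the `user`
   * table with prepared statements, stores the username in the session on
   * success, and renders a short result page.
   *
   * Security-relevant choices in this block:
   *  - user input reaches SQL only as bound parameters, never by string building;
   *  - the submitted password is never written back into the page;
   *  - every value printed into HTML goes through htmlspecialchars();
   *  - a failed login gives one message whether the username or the password
   *    was wrong, so the page does not reveal which usernames exist;
   *  - database errors are logged server-side and not shown to the visitor;
   *  - the session ID is regenerated at login to prevent session fixation.
   *
   * NOTE(review): the password is matched against the `password` column as
   * submitted, which implies passwords are stored unhashed. Store
   * password_hash() output and check it with password_verify(); that needs a
   * data migration, so it is not done here.
   */

  // Accept only plain string fields; a missing or array-valued field counts as empty.
  $username = (isset($_POST['username']) && is_string($_POST['username'])) ? $_POST['username'] : '';
  $password = (isset($_POST['password']) && is_string($_POST['password'])) ? $_POST['password'] : '';

  // NOTE(review): database credentials are hard-coded in a web-served file.
  // Load them from configuration kept outside the document root.
  $userid = "user";
  $passid = "pass";
  $dbname = "pages_db";

  $formIncomplete = ($username === '' || $password === '');
  $profile = null;   // the matching user's row, set only after a successful login
  $loginError = '';  // message shown when the credentials are rejected

  if (!$formIncomplete) {
      try {
          $db = new PDO(
              "mysql:host=localhost;dbname=" . $dbname,
              $userid,
              $passid,
              array(
                  PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION,
                  // Use real server-side prepared statements, not client-side emulation.
                  PDO::ATTR_EMULATE_PREPARES => false,
              )
          );

          // The username must match exactly one account, as in the original check.
          $byName = $db->prepare("SELECT userid FROM user WHERE username = ?");
          $byName->execute(array($username));
          $nameRows = $byName->fetchAll(PDO::FETCH_ASSOC);

          if (count($nameRows) === 1) {
              // Fetch only the columns the page displays; the password column stays in the database.
              $byCreds = $db->prepare(
                  "SELECT fname, lname, email, location FROM user WHERE username = ? AND password = ?"
              );
              $byCreds->execute(array($username, $password));
              $matches = $byCreds->fetchAll(PDO::FETCH_ASSOC);

              if (count($matches) === 1) {
                  $profile = $matches[0];
                  // Issue a fresh session ID at login and discard the old one.
                  session_regenerate_id(true);
                  //set session data for username.
                  $_SESSION['username'] = $username;
              }
          }

          if ($profile === null) {
              $loginError = "Incorrect username or password, please try again.";
          }
      } catch (PDOException $e) {
          // Keep driver and server details in the log; the visitor sees a generic message.
          error_log('login: database error: ' . $e->getMessage());
          die('Could not connect to the database.');
      }
  }

  ?>
  <html>
  <head>
  <title>login</title>
  <meta http-equiv="refresh" content="10;url=index.php">
  <link rel="stylesheet" type="text/css" href="css/base.css" />
  </head>

  <body><div id="wrapper">
  <h2>PitFighter</h2>
  <p>
  <?php
  if ($formIncomplete) {
      echo "please provide a valid username and password";
  } else {
      // Only the username is shown, escaped for HTML; the password is never printed.
      echo "username: " . htmlspecialchars($username, ENT_QUOTES, 'UTF-8');
  }
  echo "<br />";

  if ($profile !== null) {
      // Database values are escaped too: they were entered by users at some point.
      echo "<br />First name: " . htmlspecialchars((string) $profile['fname'], ENT_QUOTES, 'UTF-8')
          . "<br />Last name: " . htmlspecialchars((string) $profile['lname'], ENT_QUOTES, 'UTF-8') . "<br />";
      echo "<br />Email address: " . htmlspecialchars((string) $profile['email'], ENT_QUOTES, 'UTF-8')
          . "<br />Location: " . htmlspecialchars((string) $profile['location'], ENT_QUOTES, 'UTF-8');
  }
  echo "<br />";

  if ($loginError !== '') {
      echo $loginError;
  }
  ?>
  <br />click <a href="index.php">here</a> to return to homepage [page will redirect home in 10 seconds].
  </p></div>
  </body>
  </html>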