jdong6

danny g

Aug 27th, 2016
  1. <!--
  2. php login
  3.  
  4. validate function (inputs)
  5. username = input of username
  6. password = input of password
  7. if (username matches with a username in database and password matches with corresponding password)
  8. redirect to match page
  9.  
  10. else if (username = username in database & password is incorrect)
  11. warn user of incorrect password
  12.  
  13. else if (username does not match a known username)
  14. redirect to logon page: username will add a new row to SQL player db
  15. -->
  16.  
  17. <!-- LordChad Online HTML-->
  18. <?php
  19. session_start();
  20. //start session variable for storage across pages
  21. $username = $_POST['username'];
  22. $password = $_POST['password'];
  23. include ("Includes/dbconnect.php");
  24. ?>
  25. <html>
  26. <head>
  27. <title>Form Processing</title>
  28. </head>
  29. <body>
  30. <?php
  31. $escaped_username = mysql_escape_string($username);
  32. $escaped_password = mysql_escape_string($password);
  33.  
  34. $boolean = false; //username checking variable
  35. $boolean1 = false; //password checking variable
  36.  
  37. $query = "SELECT gamerid,passwords,salt FROM users";
  38. $result = mysql_query($query) or die("unable to query");
  39.  
  40. //check if the entered gamerid is in the database
  41. while($row = mysql_fetch_row($result))
  42. {
  43. if($escaped_username == $row[0])
  44. {
  45. $boolean = true;
  46. $gamerid = $row[0];
  47. }
  48. }
  49.  
  50. // if entered gamerid is in the database
  51. if($boolean)
  52. {
  53. $query1 = "SELECT passwords FROM users WHERE gamerid = '".$gamerid."'";
  54. $result1 = mysql_query($query1);
  55. $row1 = mysql_fetch_row($result1);
  56. //$row1[0] = hashed and salted password from the database
  57.  
  58. $query2 = "SELECT salt FROM users WHERE gamerid ='".$gamerid."'";
  59. $result2 = mysql_query($query2);
  60. $row2 = mysql_fetch_row($result2);
  61. //$row2[0] = salt of user
  62.  
  63. $hashedpassword = md5($escaped_password.$row2[0]);
  64. //$hashedpassword1 = entered password + user salt hashed
  65.  
  66. if($row1[0] == $hashedpassword)
  67. {
  68. $boolean1 = true;
  69. }
  70. }
  71. else
  72. {
  73. header('Location: landing.php');
  74. }
  75.  
  76. //if entered password is correct
  77. if($boolean1)
  78. {
  79. $query3 = "SELECT admin FROM users WHERE gamerid ='".$gamerid."'";
  80. $result3 = mysql_query($query3);
  81. $row3 = mysql_fetch_row($result3);
  82. //$row3[0] = admin key of user, admin or not
  83.  
  84. if($row3[0] == 1)
  85. {
  86. header('Location: admin.php');
  87. }
  88. else
  89. {
  90. header('Location: match.php');
  91. $_SESSION["user"] = ;
  92. //////// //transfer gamerid to new page
  93. }
  94. }
  95. else
  96. {
  97. header('Location: landing.php');
  98. }
  99.  
  100. mysql_close();
  101. ?>
  102. </body>
  103. </html>