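<?php
/*
 * LordChad Online - login form processing.
 *
 * Design notes carried over from the original paste:
 *   - username = input of username, password = input of password
 *   - if the username is in the database and the password matches:
 *       redirect to the match page
 *   - else if the username is in the database and the password is incorrect:
 *       warn the user of the incorrect password
 *   - else if the username is not known:
 *       redirect to the logon page (username will add a new row to the
 *       SQL player db)
 *
 * As implemented below, both failure cases redirect to landing.php.
 *
 * Nothing may be written to the response before session_start() and
 * header(): the design notes therefore live in a PHP comment instead of an
 * HTML comment, and the empty "Form Processing" HTML shell is gone because
 * every path through this script ends in a redirect.
 *
 * NOTE(review): the mysql_* extension used here is deprecated and was removed
 * in PHP 7. Moving to prepared statements (mysqli or PDO) requires changing
 * Includes/dbconnect.php, which is not part of this file.
 *
 * NOTE(review): salted MD5 is not an adequate password hash. Migrating to
 * password_hash()/password_verify() also requires changing the code that
 * stores passwords, which is not part of this file.
 */

// Start the session so the logged-in user can be stored across pages.
session_start();
include("Includes/dbconnect.php");

/**
 * Close the database connection, send a redirect and stop the script.
 *
 * Stopping here matters: without it the code after a header('Location: ...')
 * call keeps running and can send a second, different redirect.
 *
 * @param string $location Fixed, script-relative target page.
 */
function login_redirect($location)
{
    mysql_close();
    header('Location: ' . $location);
    exit;
}

// Missing fields or array-valued fields (username[]=...) are treated as a
// failed login instead of raising notices further down.
$username = isset($_POST['username']) ? $_POST['username'] : null;
$password = isset($_POST['password']) ? $_POST['password'] : null;
if (!is_string($username) || !is_string($password)) {
    login_redirect('landing.php');
}

// The username goes into the SQL text, so it is escaped with the
// connection-aware function.
$escaped_username = mysql_real_escape_string($username);

// The original check hashes the *escaped* password, so that is kept here to
// stay compatible with it.
// NOTE(review): presumably the stored hashes were created the same way -
// confirm against the registration code.
$escaped_password = mysql_escape_string($password);

// One lookup for the submitted name replaces the scan of the whole users
// table and the follow-up queries that concatenated the unescaped gamerid
// read back from the database into new SQL strings.
$query = "SELECT gamerid,passwords,salt,admin FROM users WHERE gamerid = '" . $escaped_username . "'";
$result = mysql_query($query) or die("unable to query");
$row = mysql_fetch_row($result);

// Strict comparison keeps the match exact. The loose == used before treats
// numeric-looking strings as numbers, so different strings can compare equal.
if (!$row || $row[0] !== $username) {
    login_redirect('landing.php');
}

list($gamerid, $storedHash, $salt, $adminFlag) = $row;

// Entered password + user salt, hashed the same way as the stored value.
$hashedpassword = md5($escaped_password . $salt);

// Compare the digests as strings, never with ==. hash_equals() (PHP 5.6+) is
// also constant-time; older runtimes fall back to ===.
if (function_exists('hash_equals')) {
    $passwordOk = hash_equals((string) $storedHash, $hashedpassword);
} else {
    $passwordOk = ((string) $storedHash === $hashedpassword);
}
if (!$passwordOk) {
    login_redirect('landing.php');
}

// Successful login: issue a fresh session id so an id that existed before
// authentication cannot be reused, then transfer the gamerid to the next page.
session_regenerate_id(true);
$_SESSION["user"] = $gamerid;

// NOTE(review): the redirect is not access control. admin.php and match.php
// are not part of this file and must verify the session (and the admin flag)
// themselves.
if ((int) $adminFlag === 1) {
    login_redirect('admin.php');
}
login_redirect('match.php');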