Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- if(isset($_POST['login'])) {
- $username = mysql_real_escape_string($_POST['username']);
- $password = $_POST['password'];
- $salt = substr($password, rand(0,30), 10);
- $enc_password = hash('sha512', $salt, $password);
- $q = "SELECT * FROM user WHERE username='$username' AND password='$enc_password'";
- $res = mysql_query($q) or die(mysql_error());
- if(mysql_num_rows($res) < 1 && !empty($username) && !empty($enc_password)) {
- header('Location: user.php?loginerror=');
- exit;
- }
- while($row = mysql_fetch_array($res)) {
- $_SESSION['id'] = mysql_real_escape_string($row['id']);
- $_SESSION['user'] = mysql_real_escape_string($row['username']);
- $_SESSION['flag'] = mysql_real_escape_string($row['flag']);
- header('Location: user.php');
- exit;
- }
- }
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement