Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- <?php
- // Edit your mssql info here
- // BEGIN MSSQL INFO
- $CONFIG['host'] = "localhost";
- $CONFIG['user'] = "sa";
- $CONFIG['pass'] = "server";
- // END MSSQL INFO
- //----------------------------- DO NOT EDIT ANYTHING BELOW HERE !!!!! ------------------------------------
- $CONFIG['conn'] = mssql_connect( $CONFIG['host'], $CONFIG['user'], $CONFIG['pass']);
- function anti_injection($sql) {
- $sql = preg_replace(sql_regcase("/(from|select|insert|delete|where|drop table|show tables|#|\*|--|\\\\)/"),"",$sql);
- $sql = trim($sql);
- $sql = strip_tags($sql);
- $sql = addslashes($sql);
- return $sql;
- }
- //----------------------------------------------------------------------------------------------------------
- if(isset($_GET['action']) && ($_GET['action'] == "login")){
- $user = anti_injection($_POST['user']);
- $pass = anti_injection($_POST['pass']);
- $crypt_pass = md5($pass);
- $result1 = mssql_query("SELECT * FROM account.dbo.user_profile WHERE user_id = '".$user."'");
- $count1 = mssql_num_rows($result1);
- $result2 = mssql_query("SELECT user_pwd FROM account.dbo.user_profile WHERE user_id = '".$user."'");
- $row2 = mssql_fetch_row($result2);
- if($count1 == '0') {
- echo '<br>This game account is not found in the database.';
- }
- elseif($row2[0] != $crypt_pass) {
- echo '<br>Wrong password. Try again.';
- }
- elseif($_GET['login'] != 'login' && $count1 == '0') {
- echo '<br>Login Error, Please login again.';
- } else {
- // Begin secure content
- $_SESSION['user'] = $user;
- echo "<h3>Welcome, ".$_SESSION['user']."</h3>";
- echo "<br>";
- echo "Your content here";
- // Dont forget to and your session
- // session_destroy();
- // End secure content
- }
- } else {
- echo '<h2>Login here</h2><br />
- <form name="" action="'.$_SERVER['php_self'].'?action=login" method="post">
- Name: <input type="text" name="user" maxlength="16"><br />
- Password: <input type="password" name="pass" maxlength="16"> <br />
- <input type="submit" value="Login!">
- </form>';
- }
- ?>
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement