Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- <?php
- require './common.php';
- session_start(); //must call session_start before using any $_SESSION variables
- if(isset($_GET['logout'])) { // Logout?
- logout();
- }
- if (isset($_POST['submit'])) { // if page is not submitted to itself echo the form
- $username = $_POST['username'];
- $username = mysql_real_escape_string($username);
- $query = $db->SQL("SELECT password, salt FROM users WHERE username = '$'", $username);
- if(empty($query)) //no such user exists
- {
- echo "No Such User Exists";
- die();
- }
- $userData = $query[0];
- $hash = sha1( $userData['salt'] . sha1($_POST['password']) );
- if($hash != $userData['password']) //incorrect password
- {
- echo "Incorrect Password";
- die();
- }
- else
- {
- validateUser(); //sets the session data for this user
- }
- header('Location: index.php');
- //redirect to another page or display "login success" message
- }
- // Here would normally be where the template file executes, but because this is just sample code, the form is included below.
- ?>
- <form name="register" action="login.php" method="post">
- Username: <input type="text" name="username" maxlength="30" />
- Password: <input type="password" name="password" />
- <input type="submit" name="submit" value="Login" />
- </form>
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
