API tools faq
paste
Guest User

Untitled

a guest
May 10th, 2018
89
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
text 2.10 KB | None | 0 0
raw download clone embed print report
  1. <?php
  2. include('../include/sessions.php');
  3.  
  4. if(isset($_POST['username']))
  5. {
  6. $username = mysqli_real_escape_string($dbc, $_POST['username']);
  7. $password = mysqli_real_escape_string($dbc, $_POST['password']);
  8.  
  9. $select = "SELECT username, firstname, lastname, email,
  10. userlevel, `password` FROM users WHERE username = ?;";
  11.  
  12. $stmt = mysqli_stmt_init($dbc);
  13.  
  14. if(!mysqli_stmt_prepare($stmt, $select))
  15. {
  16. echo "Error: " . mysqli_stmt_error($stmt);
  17. }
  18. else
  19. {
  20. mysqli_stmt_bind_param($stmt, "s", $username);
  21. mysqli_stmt_execute($stmt);
  22. $result = mysqli_stmt_get_result($stmt);
  23. $row = mysqli_fetch_assoc($result);
  24.  
  25. $dbusername = htmlentities(stripslashes($row['username']));
  26. $dbfirstname = htmlentities(stripslashes($row['firstname']));
  27. $dblastname = htmlentities(stripslashes($row['lastname']));
  28. $dbemail = htmlentities(stripslashes($row['email']));
  29. $dbuserlevel = htmlentities(stripslashes($row['userlevel']));
  30. $dbpassword = htmlentities(stripslashes($row['password']));
  31.  
  32. if(password_verify($password, $dbpassword)) // used bcrypt to hash password
  33. {
  34. // not sure if this is the best way to set the sessions
  35. $_SESSION['username'] = $dbusername;
  36. $_SESSION['firstname'] = $dbfirstname;
  37. $_SESSION['lastname'] = $dblastname;
  38. $_SESSION['email'] = $dbemail;
  39. $_SESSION['userlevel'] = $dbuserlevel;
  40.  
  41. header("Location: ../cust/home.php");
  42. }
  43. else
  44. {
  45. echo "The username/password combination does not match our records. Please try again.";
  46. }
  47. }
  48. }
  49.  
  50. ?>
  51.  
  52. <?php
  53. if(!isset($_SESSION)){session_start();}
  54. include("database.php");
  55.  
  56. $username = $_SESSION['username'];
  57. $firstname = $_SESSION['firstname'];
  58. $lastname = $_SESSION['lastname'];
  59. $email = $_SESSION['email'];
  60. $userlevel = $_SESSION['userlevel'];
  61.  
  62. // I started using the below if statement in conjunction with a .htaccess file to prevent
  63. // anyone from attempting navigate the directories through the URL.
  64. // I am sure there is another way to do this.
  65. if($username == "" || $_SESSION['username'] == "" || $userlevel != '9')
  66. {
  67. header('Location: ../index.php');
  68. }
  69. ?>
Add Comment
Please, Sign In to add comment
Public Pastes
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!