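<?php
/**
 * Admin login handler.
 *
 * Reads the `login`, `name` and `pass` POST fields, looks the account up by
 * username with a prepared statement, checks the salted Whirlpool digest
 * against the stored `Key` column and, for accounts with AdminLevel > 0,
 * opens a session and redirects to ../admin.php. Every failure path redirects
 * to ../index.php with a query-string code and stops the script.
 *
 * NOTE(review): a single salted Whirlpool round is a fast hash, so a leaked
 * `accounts` table can be brute-forced cheaply. Moving to password_hash() /
 * password_verify() (re-hashing on the next successful login) is the real fix,
 * but it needs a schema/data migration that is not visible from this file.
 *
 * NOTE(review): `?wronguser` and `?wpass` let a caller tell an unknown
 * username from a wrong password. They are kept because index.php may key on
 * them; consider collapsing both into one generic failure code. Nothing here
 * rate-limits or logs failed attempts either.
 */

// Only handle submissions that come from the login form.
if (!isset($_POST['login'])) {
    header("location: ../index.php?error");
    exit();
}

// Presumably defines $conn (the mysqli connection) - confirm against dbh.cfg.php.
include 'dbh.cfg.php';

// Accept plain strings only: a request can send `name[]=...`, which would
// otherwise reach the bind/concatenation below as an array.
$sUser = (isset($_POST['name']) && is_string($_POST['name'])) ? $_POST['name'] : '';
$sPass = (isset($_POST['pass']) && is_string($_POST['pass'])) ? $_POST['pass'] : '';

if (empty($sUser) || empty($sPass)) {
    header("location: ../index.php?error=empty");
    exit();
}

$sql = "SELECT * FROM `accounts` WHERE `Username`=?;";
$stmt = mysqli_stmt_init($conn);

if (!mysqli_stmt_prepare($stmt, $sql)) {
    header("location: ../index.php?error=sqlerror");
    // Without this exit the script kept running after sending the redirect.
    exit();
}

mysqli_stmt_bind_param($stmt, "s", $sUser);

// Treat an execution or result failure like a prepare failure instead of
// passing `false` on to mysqli_fetch_assoc().
$result = mysqli_stmt_execute($stmt) ? mysqli_stmt_get_result($stmt) : false;
if ($result === false) {
    header("location: ../index.php?error=sqlerror");
    exit();
}

$row = mysqli_fetch_assoc($result);
mysqli_stmt_close($stmt);

if (!$row) {
    header("location: ../index.php?wronguser");
    exit();
}

$fPass = $sPass . $row['Salt'];
$sKey = strtoupper(hash("whirlpool", $fPass));

// hash_equals() compares the digests as strings in constant time. The loose
// `!=` used before treats two numeric-looking hex strings (e.g. both starting
// "0E" followed only by digits) as equal numbers, and is not timing-safe.
if (!hash_equals((string) $row['Key'], $sKey)) {
    header("location: ../index.php?wpass");
    exit();
}

// The privilege check runs only after the password is verified, so an
// unauthenticated caller cannot learn which usernames hold admin rights.
if ((int) $row['AdminLevel'] <= 0) {
    header("location: ../index.php?error=admin");
    exit();
}

session_start();
// Issue a fresh session id at the privilege change so an id planted before
// login (session fixation) does not become an authenticated admin session.
session_regenerate_id(true);

$_SESSION['sId'] = $row['id'];
$_SESSION['sAdminLevel'] = $row['AdminLevel'];
$_SESSION['sUser'] = $row['Username'];
$_SESSION['sAdmin'] = $row['AdminName'];

header("location: ../admin.php?success");
exit();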