Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- <?php
- // login.php
- // logs the user into the admin panel
- session_start();
- include 'mysql.php';
- if (isset($_POST['user']) && isset($_POST['pass'])) {
- $username = $_POST['user'];
- $password = $_POST['pass'];
- // Protection against MySQL insertion (security measure)
- $username = stripslashes($username);
- $password = stripslashes($password);
- $username = mysql_real_escape_string($username);
- $password = mysql_real_escape_string($password);
- // Encrypts the password
- $password = md5($password);
- // Making a query to the database
- $sql = "SELECT user, pass FROM users WHERE user='$username' AND pass='$password'";
- $result = mysql_query($sql);
- // Checking if there is a match, and only one match
- $count = mysql_num_rows($result);
- if($count == 1) {
- // If username and password is correct, register session and bring user to panel.php
- $_SESSION['logged_in'] = TRUE;
- header("Location: panel.php");
- } else {
- // If not the username and / or password is / are correct, bring user to warning no. 1
- header("Location: index.php?w=1");
- }
- } else {
- // If not both username and password fields are filled out, bring user to warning no. 2
- header("Location: index.php?w=2");
- }
- ?>
Add Comment
Please, Sign In to add comment