Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- <?php
- include("config.php");
- session_start();
- $error = "";
- if($_SERVER["REQUEST_METHOD"] == "POST"){
- // SEND BY FORM
- // protect from sqli
- // $username = mysqli_real_escape_string($db,$_POST['username']);
- $username = $_POST['username'];
- $password = $_POST['password'];
- $sql = "SELECT id FROM users WHERE username = '$username' and password = '$password'";
- $result = mysqli_query($db, $sql);
- $row = mysqli_fetch_array($result, MYSQLI_ASSOC);
- $active = $row['id'];
- $count = mysqli_num_rows($result);
- // sprawdzamy czy zostal zwrocony rezultat: if count ==1 protect sqli boolean
- if($count != 0){
- $_SESSION['login_user'] = $username;
- header("location: welcome.php");
- } else {
- $error = "Incorrect input: pass or login dont match!";
- }
- }
- ?>
- <html>
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement