Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- <?php
- $user = $_GET['user'];
- $pass = $_GET['pass'];
- $user = strtolower($user);
- $pass = strtolower($pass);
- //Start session
- session_start();
- $errmsg_arr = array();
- $errflag = false;
- $link = mysql_connect(localhost, database_user, database_pass);
- if(!$link) {
- die('Failed to connect to server: ' . mysql_error());
- }
- $db = mysql_select_db(database_name);
- if(!$db) {
- die("Unable to select database");
- }
- function clean($str) {
- $str = @trim($str);
- if(get_magic_quotes_gpc()) {
- $str = stripslashes($str);
- }
- return mysql_real_escape_string($str);
- }
- function IsInjected($str)
- {
- $injections = array('(\n+)',
- '(\r+)',
- '(\t+)',
- '(%0A+)',
- '(%0D+)',
- '(%08+)',
- '(%09+)'
- );
- $inject = join('|', $injections);
- $inject = "/$inject/i";
- if(preg_match($inject,$str))
- {
- return true;
- }
- else
- {
- return false;
- }
- }
- $qry="SELECT * FROM users WHERE username ='".$user."' AND password = '".$pass."'";
- $result=mysql_query($qry);
- if($result) {
- if(mysql_num_rows($result) == 1) {
- session_regenerate_id();
- echo "User successfully logged in!";
- exit();
- }else {
- echo "Sorry, the login failed. Please try again!";
- exit();
- }
- }else {
- die("Query failed");
- }
- ?>
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement