Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- <html>
- <body>
- <?php error_reporting(-1); ini_set('display_errors', 'on'); ?>
- <?php
- session_start();
- //Declare username and password variable from login form
- $username = $_POST['username'];
- $password = $_POST['password'];
- //Define mySQL server login information
- $dbhost = 'localhost';
- $dbname = 'basiclogin';
- $dbuser = 'root';
- $dbpass = 'Password@1'; //not really
- //Connection variable
- $conn = mysql_connect($dbhost, $dbuser, $dbpass);
- //Begin using database
- mysql_select_db($dbname, $conn);
- //SQL injection protection
- $username = mysql_real_escape_string($username);
- //Define the query to be used by mySQL
- $query = "SELECT password, salt
- FROM users
- WHERE username = '$username';";
- //Die if connection is bad
- if (!mysql_query($query,$conn))
- {
- die('Error: ' . mysql_error());
- }
- //Set $result equal to the username
- $result = mysql_query($query);
- if(mysql_num_rows($result) < 1) //no such user exists
- {
- //Return the user to the login page
- header('Location: login.php');
- }
- $userData = mysql_fetch_array($result, MYSQL_ASSOC);
- $hash = hash('sha256', $userData['salt'] . hash('sha256', $password) );
- if($hash != $userData['password']) //incorrect password
- {
- //Return the user to the login page
- header('Location: login.php');
- }
- else
- {
- //Login Successful
- $_SESSION['authlevel'] = $userData['authlevel'];
- $_SESSION['is_logged_in'] = true;
- $_SESSION['member_name'] = $userData['username'];
- header("location: welcome.php");
- }
- ?>
- </body>
- </html>
Add Comment
Please, Sign In to add comment
