Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- <?php session_start();
- include 'database.php';
- $username = mysql_real_escape_string(html_entity_decode($_POST['username']));
- $password = mysql_real_escape_string(html_entity_decode($_POST['password']));
- if ($username&&$password) {
- $query = mysql_query("SELECT * FROM brukere WHERE username='$username'");
- $numrows = mysql_num_rows($query);
- if ($numrows!=0) {
- while ($row = mysql_fetch_assoc($query)) {
- $dbusername = $row['username']; //mysql escape here too?
- $dbpassword = $row['password'];
- }
- //Checks if they match
- if ($username==$dbusername&&$password==$dbpassword) {
- //Logged in
- $_SESSION['username']=$username;
- echo 'Authenticating user...';
- header('refresh: 3; panel.php');
- }
- else
- echo "Incorrect password!";
- }
- else
- die("That user doesn't exist!");
- }
- else
- die("Please enter a username and a password.");
- ?>
Add Comment
Please, Sign In to add comment