<?php
include ('static/db_connect.php');
/*
$action = $_POST['action'];
if ($action == 'enter')
{
$login = $_POST['login'];
$password = $_POST['password'];
$query = "SELECT *
FROM `users`
WHERE `login` = '{$login}'
`password` = '{$password}'
LIMIT 1
";
$sql = mysql_query($query) or die(mysql_error());
header('Location: index_closed.php');
}
else
{
die('<h3 align=center>Error!</h3>');
}
$action = $_POST['action'];
if (!empty($_POST))
{
$login = (isset($_POST['login'])) ? mysql_real_escape_string($_POST['login']) : '';
$query = "SELECT `salt`
FROM `users`
WHERE `login`='{$login}'
LIMIT 1";
$sql = mysql_query($query) or die(mysql_error());
if (mysql_num_rows($sql) == 1)
{
$row = mysql_fetch_assoc($sql);
$salt = $row['salt'];
$password = md5(md5($_POST['password']) . $salt);
$query = "SELECT `id`
FROM `users`
WHERE `login`='{$login}' AND `password`='{$password}'
LIMIT 1";
$sql = mysql_query($query) or die(mysql_error());
if (mysql_num_rows($sql) == 1)
{
$row = mysql_fetch_assoc($sql);
$_SESSION['user_id'] = $row['id'];
$time = 86400;
if (isset($_POST['remember']))
{
setcookie('login', $login, time()+$time, "/");
setcookie('password', $password, time()+$time, "/");
}
header('Location: index_closed.php');
exit;
}
else
{
echo 'Error1!';
}
}
else
{
echo 'Error2!';
}
}
*/
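// Login handler: looks the posted credentials up in the `users` table and, on
// a match, stores the user's ID in the session and redirects to the closed area.
// Only plain string fields are accepted; array-valued fields (e.g. login[]=x)
// are treated the same as missing ones, so they never reach the escaping and
// hashing calls below.
if (
    isset($_POST['login'], $_POST['password'])
    && is_string($_POST['login'])
    && is_string($_POST['password'])
) {
    // NOTE(review): the mysql_* extension was removed in PHP 7. The escaping
    // below depends on the connection charset configured in
    // static/db_connect.php (not visible here); prepared statements through
    // mysqli or PDO would remove that dependency.
    $login = mysql_real_escape_string($_POST['login']);

    // NOTE(review): unsalted MD5 is not a password hash. Moving to
    // password_hash()/password_verify() requires re-hashing the stored values,
    // so the scheme is left as-is here and only flagged.
    $password = md5($_POST['password']);

    // Look for a user with this login and password hash.
    $query = "SELECT `id` FROM `users` "
        . "WHERE `login`='{$login}' AND `password`='{$password}' LIMIT 1";

    $sql = mysql_query($query);
    if ($sql === false) {
        // Keep database error details out of the response; log them server-side.
        error_log('Login query failed: ' . mysql_error());
        http_response_code(500);
        exit('Internal server error.');
    }

    if (mysql_num_rows($sql) === 1) {
        $row = mysql_fetch_assoc($sql);

        // Issue a fresh session ID on login so an ID set before authentication
        // cannot be reused afterwards (session fixation).
        // NOTE(review): the session is presumably started in
        // static/db_connect.php — confirm; without an active session the
        // assignment below does not persist.
        if (session_status() === PHP_SESSION_ACTIVE) {
            session_regenerate_id(true);
        }

        // Mark the session as authenticated by recording the user's ID.
        $_SESSION['user_id'] = $row['id'];
        header('Location: index_closed.php');
        exit; // stop here so nothing else runs after the redirect
    }

    // No matching user: send the client back to the login form. Unknown login
    // and wrong password produce the same response.
    header('Location: login.php');
    exit;
}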
?>