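<?php
# Login handler for the shoutbox admin area: checks the posted username and
# password against the ShoutAdmin table and, on a match, stores the account
# details in the session.
#
# NOTE(review): the mysql_* extension used here was removed in PHP 7. Moving to
# mysqli or PDO with prepared statements has to be done together with
# dbinsans() in shoutfunctions.php, which is not visible from this file.
# NOTE(review): unsalted MD5 is not a suitable password hash. Migrating to
# password_hash()/password_verify() needs changes to the stored hashes and to
# whatever code creates accounts, both outside this file.

session_start();
#required when using sessions to put that at the top of each page

include 'shoutfunctions.php';
#used for dbinsans

include 'shoutoptions.php';
#used for database vars

mysql_connect("$dbHost", "$dbUser", "$dbPass") or die("Unable to connect!");
#connect

mysql_select_db ($dbname);
#select the database

$r = 0;
#login result flag; initialised so the final check never reads an undefined variable

# Both fields must be present and must be strings. Together with the row check
# below this guarantees the success branch is only reached after a real
# database match, never because both sides of the comparison were empty.
if (isset($_POST['username'], $_POST['password'])
    && is_string($_POST['username'])
    && is_string($_POST['password'])) {

    $PW = md5(dbinsans($_POST['password']));
    #md5 hash of the password as used in the query

    $User = dbinsans($_POST['username']);
    #dbinsans() is relied on to make the username safe inside the SQL string
    #(presumably escaping; verify in shoutfunctions.php)

    $result = mysql_query("SELECT * FROM ShoutAdmin WHERE username='$User' AND password='$PW'");
    #creates and executes query returns result

    $row = $result ? mysql_fetch_array($result) : false;
    #fetches a row; a failed query is treated as "no matching account"

    # NOTE(review): the query uses md5(dbinsans(password)) while this check uses
    # md5(password). If dbinsans() alters the password text the two hashes
    # differ and the login cannot succeed; confirm which form is stored.
    # Strict comparison avoids PHP's numeric-string juggling on hash values.
    if (is_array($row) && $row['password'] === md5($_POST['password'])) {
        session_regenerate_id(true);
        #issue a fresh session id on login so a pre-login id cannot be reused

        $r = 1;
        #we're using it to tell we got a match

        $_SESSION['username'] = $row['username'];
        #set the session variable username to the users name

        $_SESSION['password'] = $row['password'];
        #set the session variable password to the users password
        # NOTE(review): kept because other pages may read it; prefer not to
        # keep the password hash in session storage at all.

        $_SESSION['level'] = $row['level'];
        #set the session variable level to the level
    }
}

if ($r!=1)
    echo 'Sorry, your password is incorrect. Remember, it\'s case sensitive.';
else
    echo 'Thank you for logging in, <a href="ShoutAdmin.php">Click Here</a> to continue.';
?>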