mauirixxx
8 年之前
共有 1 個檔案被更改,包括 62 行新增 和 0 行删除
統一視圖
Diff Options
-
+62 -0gw-login.php
+ 62
- 0
gw-login.php
查看文件
| @@ -0,0 +1,62 @@ | |||||
| <?php | |||||
| session_start(); | |||||
| if (isset($_SESSION['userid']) && ($_SESSION['access'])){ | |||||
| echo 'Proceed to character selection <A HREF="gw-toon.php">here</A><BR>'; //really should automate this | |||||
| } else { | |||||
| include_once 'gw-connect.php'; | |||||
| $con = new mysqli(DATABASE_HOST, DATABASE_USER, DATABASE_PASS, DATABASE_NAME); | |||||
| $username = mysqli_real_escape_string($con, $_POST['username']); //enable this after username form is built | |||||
| //$username = 'mauirixxx'; //delete this line after the above is finished | |||||
| $password = mysqli_real_escape_string($con, $_POST['password']); //enable this after password form is built | |||||
| //$password = 'drx9175l'; | |||||
| $password = md5($password); | |||||
| if ($con->connect_errno > 0){ | |||||
| die ('Unable to connect to database [' . $db->connect_errno . ']'); | |||||
| } | |||||
| $sqllogin = "SELECT * FROM users WHERE users.username = '$username' and password = '$password'"; | |||||
| if (!$result = $con->query($sqllogin)){ | |||||
| die ('There was an error running the query [' . $con->error . ']'); | |||||
| } | |||||
| while ($row = $result->fetch_array()){ | |||||
| $uname = $row['username']; | |||||
| $uid = $row['userid']; | |||||
| $access = $row['access']; | |||||
| $_SESSION['username'] = $uname; | |||||
| $_SESSION['userid'] = $uid; | |||||
| $_SESSION['access'] = $access; | |||||
| echo 'Your username is ' . $uname . '. Your userid is ' . $uid . '. Your access level is ' . $access . '.<BR />'; | |||||
| } | |||||
| } | |||||
| # keeping the code below for references material only | |||||
| /* if(isset($_POST["submit"])){ | |||||
| if(empty($_POST["username"]) || empty($_POST["password"])){ | |||||
| $error = "Both fields are required."; | |||||
| } else { | |||||
| // Define $username and $password | |||||
| $username=$_POST['username']; | |||||
| $password=$_POST['password']; | |||||
| // To protect from MySQL injection | |||||
| $username = stripslashes($username); | |||||
| $password = stripslashes($password); | |||||
| $username = mysqli_real_escape_string($con, $username); | |||||
| $password = mysqli_real_escape_string($con, $password); | |||||
| $password = md5($password); | |||||
| //Check username and password from database | |||||
| $sql-login="SELECT userid FROM users WHERE users.username = '$username' and password = '$password'"; | |||||
| $result=mysqli_query($con,$sql-login); | |||||
| $row=mysqli_fetch_array($result,MYSQLI_ASSOC); | |||||
| //If username and password exist in our database then create a session. | |||||
| //Otherwise echo error. | |||||
| if(mysqli_num_rows($result) == 1){ | |||||
| $_SESSION['username'] = $login_user; // Initializing Session | |||||
| header("location: gw-toon.php"); // Redirecting To Other Page | |||||
| } else { | |||||
| $error = "Incorrect username or password."; | |||||
| } | |||||
| } | |||||
| } */ | |||||
| ?> | |||||