session_start();
$messaggio="Authentication User and Password:";
$dbuser="root";
$dbpassword="";
$database="wificafe";
if (isset($_POST["login"]) And ($_POST["userid"]!='') And ($_POST["passwd"]!='')) {
$link = mysql_connect('localhost', $dbuser, $dbpassword);
if (!$link) {
die('Could not connect: ' . mysql_error());
}
@mysql_select_db($database) or die( "Unable to select database");
$query="SELECT password FROM `wificafe_users` WHERE username='".$_POST["userid"]."'";
$result = mysql_query($query);
if (!$result) {
die('Could not query:' . mysql_error());
}
if (mysql_num_rows($result)>0){
$dbpassword=mysql_result($result, 0);
mysql_close($link);
list($md5pass, $saltpass) = split(":", $dbpassword);
if ((md5($_POST["passwd"].$saltpass))==$md5pass) {
//all ok, go on with session
$_SESSION["auth"] = 1;
$destinazione = 'index.php';
header("location: ".$destinazione);
} else {$messaggio="Sorry invalid password:";}
} else {$messaggio="Sorry invalid username:";}
}
0 comments:
Post a Comment