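<?php
/*
 * Check-login script, included in db_connect.php.
 *
 * Starts (or resumes) the session and sets $logged_in to 1 or 0 in the
 * including scope. When the session carries credentials that fail the check,
 * both session keys are removed so later requests start clean.
 *
 * NOTE(review): the database lookup is disabled, so the only check left is a
 * comparison of $_SESSION['password'] with one literal that is the same for
 * every username. A secret hard-coded in source is readable by anyone with
 * access to the repository, a backup or a source disclosure, and it cannot be
 * rotated per user. The disabled query shows the intended design: a per-user
 * stored password fetched from the users table. When that is restored, pass
 * the username as a bound query parameter instead of escaping it with
 * addslashes(), store hashes created by password_hash() and check them with
 * password_verify(), and keep a login flag in the session rather than the
 * password itself.
 */
session_start();

if (!isset($_SESSION['username']) || !isset($_SESSION['password'])) {
    // No credentials in the session: not logged in, nothing to clean up.
    $logged_in = 0;
    return;
}

// The addslashes()/stripslashes() round trip on $_SESSION['username'] that
// used to surround this check has been dropped:
//  - it only existed to escape the username for the query that is disabled;
//  - get_magic_quotes_gpc() was removed in PHP 8.0, so calling it is fatal there;
//  - session data is not GET/POST/cookie input, so magic quotes never applied;
//  - the trailing stripslashes() re-created $_SESSION['username'] (as an empty
//    string) right after a failed check had unset it, and stripped backslashes
//    from the stored username whenever magic quotes were enabled.

// Disabled lookup, kept for reference (string-built SQL; use placeholders if revived):
// $pass = $db_object->query("SELECT password FROM users WHERE username = '".$_SESSION['username']."'");
// if (DB::isError($pass) || $pass->numRows() != 1) { $logged_in = 0; /* unset both session keys */ }
// $db_pass = $pass->fetchRow();
// The original comments say $_SESSION['password'] is "encrypted"; the check
// that is actually active compares it with a plain literal.

// Strict comparison: with ==, a non-string session value such as true (or 0 on
// PHP < 8) compares equal to the literal without matching it.
if ($_SESSION['password'] === "srlone") {
    // Session variables hold the accepted value.
    $logged_in = 1;
} else {
    // Kill incorrect session variables.
    $logged_in = 0;
    unset($_SESSION['username']);
    unset($_SESSION['password']);
}

// Clean up; a no-op while the lookup above is disabled and $db_pass is never set.
unset($db_pass['password']);
?>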