/login.php
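<?php
/**
 * Login handler: checks the posted credentials against the `users` table,
 * fills the session on success and redirects the browser.
 *
 * Reads POST fields `redirect`, `managewsd_login_username` and
 * `managewsd_login_password`. Uses $protocol, $hostname, $basehref and
 * $session_name, which this file does not define (presumably config.php).
 *
 * NOTE(review): no session_start() is visible here; presumably config.php
 * starts the session. Confirm.
 * NOTE(review): salted SHA-1 is a fast hash and weak for password storage.
 * Moving to password_hash()/password_verify() needs a migration of the stored
 * hashes, so it is flagged here rather than changed.
 */
include("config.php");
require("mysql.php");

// Every redirect uses an absolute URL built from configuration.
// NOTE(review): assumes $basehref ends with '/', as the "auth.php"
// concatenation implies. Confirm in config.php.
$baseUrl = $protocol . "://" . $hostname . $basehref;
$authUrl = $baseUrl . "auth.php";

// Requested post-login destination. It is never placed in SQL, so it is not
// SQL-escaped; it is validated against $baseUrl before use instead.
$redirect = '';
if (isset($_POST['redirect']) && is_string($_POST['redirect'])) {
    $redirect = $_POST['redirect'];
}

// Posted username, escaped because it is interpolated into the query below.
// The escaped form is also what ends up in the session, as before.
$username = '';
if (isset($_POST['managewsd_login_username']) && is_string($_POST['managewsd_login_username'])) {
    $username = mysql_real_escape_string($_POST['managewsd_login_username']);
}

// Posted password.
// NOTE(review): the password never reaches SQL, so escaping is not needed for
// safety. It is kept because it changes the bytes that get hashed, and stored
// hashes may have been produced the same way. Confirm against the
// account-creation code before removing it.
$password = '';
if (isset($_POST['managewsd_login_password']) && is_string($_POST['managewsd_login_password'])) {
    $password = mysql_real_escape_string($_POST['managewsd_login_password']);
}

// NOTE(review): the legacy mysql_* extension has no prepared statements and
// was removed in PHP 7.0. The quoted, escaped value is the only barrier here;
// migrate to mysqli or PDO with bound parameters.
$query = "SELECT id, password, salt, fullname
          FROM users
          WHERE username = '$username'";
$result = mysql_query($query);
if ($result === false) {
    // Keep database error text in the server log instead of the response.
    error_log('login.php: user lookup failed: ' . mysql_error());
    die('Login is temporarily unavailable.');
}

if (mysql_num_rows($result) < 1) { // no such user exists
    // Same destination as a wrong password, and stop here: without exit() the
    // script went on to hash and compare against an empty row.
    header("Location: " . $authUrl);
    exit();
}

$userData = mysql_fetch_array($result, MYSQL_ASSOC);
$hash = sha1($userData['salt'] . sha1($password));
$stored = (string) $userData['password'];

// Strict string comparison: loose == treats two "0e<digits>" strings as equal
// numbers. hash_equals() (PHP 5.6+) also makes the comparison constant-time.
$passwordOk = function_exists('hash_equals')
    ? hash_equals($stored, $hash)
    : $stored === $hash;

if ($passwordOk) { // correct password
    // Issue a fresh session id on login so a pre-set id cannot be reused.
    if (session_id() !== '') {
        session_regenerate_id(true);
    }

    $_SESSION[$session_name] = TRUE;
    $_SESSION['username_auth'] = $username;
    $_SESSION['userid_auth'] = $userData['id'];
    $_SESSION['userfullname_auth'] = $userData['fullname'];

    // Default to the site root. A posted destination is honoured only when it
    // lies under the site's own base URL, so the login cannot forward users to
    // another host. The original test sent an empty Location header when no
    // redirect was posted.
    $target = $baseUrl;
    if ($redirect !== '' && strpos($redirect, $baseUrl) === 0) {
        $target = $redirect;
    }
    header("Location: " . $target);
    exit();
}

// incorrect password
header("Location: " . $authUrl);
exit();

// The original mysql_close($link) sat after two branches that both exit(), so
// it never ran. PHP releases non-persistent links when the script ends.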