- 01
- 02
- 03
- 04
- 05
- 06
- 07
- 08
- 09
- 10
- 11
- 12
- 13
- 14
- 15
- 16
- 17
- 18
- 19
- 20
- 21
- 22
- 23
- 24
// To protect MySQL injection
$username = stripslashes($username);
$password = stripslashes($password);
$username = mysqli_real_escape_string($connect, $username);
$password = mysqli_real_escape_string($connect, $password);
$login = mysqli_query($connect, "SELECT * FROM users WHERE username = '$username'");
while ($row = mysqli_fetch_assoc($login))
{
$db_password = $row['password'];
if (sha1($password) == $db_password)
$loginok = TRUE;
else
$loginok = FALSE;
if ($loginok == TRUE)
{
// Register $username, $password
$_SESSION["username"] = $username;
exit();
}
else
die('Feil brukernavn/passord.');
}
Vasiliy 27.10.2010 10:27 # 0
bugmenot 27.10.2010 12:38 # +2
= защищать MySQL инъекцию, владение языком на уровне, lol
Lure Of Chaos 27.10.2010 18:38 # 0
Анонимус 29.10.2010 04:19 # +1