/** * login5.php * * A simple login module that checks a username and password * against a MySQL table with no encryption. * * David J. Malan * Computer Science E-75 * Harvard Extension School */ // enable sessions session_start(); // connect to database if (($connection = mysql_connect("", "", "")) === FALSE) die("Could not connect to database"); // select database if (mysql_select_db("", $connection) === FALSE) die("Could not select database"); // if username and password were submitted, check them if (isset($_POST["user"]) && isset($_POST["pass"])) { // prepare SQL $sql = sprintf("SELECT * FROM users WHERE user='%s'", mysql_real_escape_string($_POST["user"])); // execute query $result = mysql_query($sql); if ($result === FALSE) die("Could not query database"); // check whether we found a row if (mysql_num_rows($result) == 1) { // fetch row $row = mysql_fetch_assoc($result); // check password if ($row["pass"] == $_POST["pass"]) { // remember that user's logged in $_SESSION["authenticated"] = TRUE; // redirect user to home page, using absolute path, per // http://us2.php.net/manual/en/function.header.php $host = $_SERVER["HTTP_HOST"]; $path = rtrim(dirname($_SERVER["PHP_SELF"]), "/\\"); header("Location: http://$host$path/home.php"); exit; } } } ?>