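/**
 * login7.php
 *
 * A simple login module that checks a username and password
 * against a MySQL table with weak encryption (well, a weak hash).
 *
 * David J. Malan
 * Computer Science E-75
 * Harvard Extension School
 *
 * Notes for readers reusing this example:
 *  - The stored value is produced by MySQL's PASSWORD() function, which is
 *    unsalted and fast to compute, so identical passwords share a hash and
 *    offline guessing is cheap. PHP's password_hash()/password_verify()
 *    are the usual replacement for application passwords.
 *  - The mysql_* functions used here belong to the legacy ext/mysql
 *    extension; mysqli or PDO with prepared statements supersede them.
 */

// enable sessions
session_start();

// connect to database
if (($connection = mysql_connect("", "", "")) === FALSE)
    die("Could not connect to database");

// select database
if (mysql_select_db("", $connection) === FALSE)
    die("Could not select database");

// if username and password were submitted, check them; is_string() rejects
// array-valued fields (user[]=...) which would otherwise reach the escaping
// function and be turned into an empty string with a warning
if (isset($_POST["user"]) && isset($_POST["pass"])
    && is_string($_POST["user"]) && is_string($_POST["pass"]))
{
    // prepare SQL; both values are escaped against the open connection so
    // they cannot break out of the quoted literals
    $sql = sprintf("SELECT 1 FROM users WHERE user='%s' AND pass=PASSWORD('%s')",
                   mysql_real_escape_string($_POST["user"], $connection),
                   mysql_real_escape_string($_POST["pass"], $connection));

    // execute query
    $result = mysql_query($sql, $connection);
    if ($result === FALSE)
        die("Could not query database");

    // check whether we found a row
    if (mysql_num_rows($result) === 1)
    {
        // issue a fresh session ID at the moment of login so that an ID
        // known or planted before authentication (session fixation) does
        // not become an authenticated session
        session_regenerate_id(TRUE);

        // remember that user's logged in
        $_SESSION["authenticated"] = TRUE;

        // redirect user to home page, using absolute path, per
        // http://us2.php.net/manual/en/function.header.php
        //
        // NOTE(review): HTTP_HOST is taken from the client's Host header, so
        // the redirect target is only as trustworthy as the web server's
        // virtual-host matching; a configured canonical host name is safer.
        // The scheme is hard-coded to http://, so the session cookie travels
        // in cleartext unless the site forces HTTPS elsewhere.
        $host = $_SERVER["HTTP_HOST"];
        $path = rtrim(dirname($_SERVER["PHP_SELF"]), "/\\");
        header("Location: http://$host$path/home.php");
        exit;
    }
}
?>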