+- LCKB (https://lckb.dev/forum)
+-- Forum: ** OLD LCKB DATABASE ** (https://lckb.dev/forum/forumdisplay.php?fid=109)
+--- Forum: Website Scripting & Security (https://lckb.dev/forum/forumdisplay.php?fid=197)
+---- Forum: Security (https://lckb.dev/forum/forumdisplay.php?fid=164)
+----- Forum: Website Security (https://lckb.dev/forum/forumdisplay.php?fid=141)
+----- Thread: HowTo Prevent SQL Injections with PDO (/showthread.php?tid=980)
Pages:
1
2
- Creep - 08-17-2012
<?php
session_start();
tpl things and stuff...
$success = false;
$error = false;
$ErrorLevel = $Post->Check();
if( $ErrorLevel == 0 )
{
mysql_select_db( $SiteSQL["config-database_auth"] , $Site_sqlcon) or die( mysql_error() );
$result = mysql_query
("
SELECT user_code, user_id, passwd
FROM bg_user
WHERE user_id = '". $Post->UserName . "'
AND BINARY passwd = '". $Post->Password . "'
") or die( mysql_error() );
if( mysql_num_rows( $result ) == 1 )
{
$Encryption = new Encryption();
$row = mysql_fetch_array( $result );
$_SESSION['Username'] = $row['user_id'];
$_SESSION['Password'] = $Encryption->GetSha1Hash( $row['passwd'] );
$_SESSION['UserID'] = $row['user_code'];
$success = true;
$msg = "Logged in succesfully.<br />U will now be redirected";
}
else
{
$error = true;
$msg = "Login incorrect";
}
}
elseif( $ErrorLevel == 1 )
{
$error = true;
$msg = "U have to fill a username and password.";
}
elseif( $ErrorLevel == 100)
{
Die('Don\'t mess around sir');
}
if( $success == true )
{
$tpl->newBlock('success');
$tpl->Assign('msg' , $msg);
}
else
{
$tpl->newBlock('loginform');
if( $error == true )
{
$tpl->newBlock('error');
$tpl->Assign('msg' , $msg);
}
}
$tpl->printToScreen();
?>
so the red part here needs to be edited ..
tryed it sometimes but never gone well :S