Hi, i download the login script from janvier. But its bugged on my xxamp so i edit it, and now its working for me with sessions.
Code:
<?php
$CONFIG['host'] = "localhost";
$CONFIG['user'] = "sa";
$CONFIG['pass'] = "password";
$CONFIG['conn'] = mssql_connect( $CONFIG['host'], $CONFIG['user'], $CONFIG['pass']);
function anti_injection($sql) {
$sql = preg_replace(sql_regcase("/(from|select|insert|delete|where|drop table|show tables|#|\*|--|\\\\)/"),"",$sql);
$sql = trim($sql);
$sql = strip_tags($sql);
$sql = addslashes($sql);
return $sql;
}
if(isset($_GET['action']) == 'login'){
$user = anti_injection($_POST['user']);
$pass = anti_injection($_POST['pass']);
$crypt_pass = md5($pass);
$QueryA = mssql_query("SELECT * FROM account.dbo.user_profile WHERE user_id = '".$user."'");
$rowA = mssql_num_rows($QueryA);
$QueryB = mssql_query("SELECT user_pwd FROM account.dbo.user_profile WHERE user_id = '".$user."'");
$rowB = mssql_fetch_row($QueryB);
if($rowA == '0'){
echo '<br>This game account is not found in the database.';
}if($rowB[0] != $crypt_pass){
echo '<br>Wrong password. Try again.';
}else if($_GET['login'] != 'login' && $rowA == '0'){
echo '<br>Login Error, Please login again.';
}else{
$aQuery = mssql_query("SELECT * FROM account.dbo.user_profile WHERE user_id = '".$user."'");
$aRow = mssql_fetch_row($aQuery);
$_SESSION['id'] = $row[0];
$_SESSION['user'] = $row[1];
echo "Welkom" . $_SESSION['user'];
}
}else{
if(isset($_SESSION['user'])){
echo "Welcome..";
}else{
?>
//FORM
<?php
}
?>