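<?php

/*
 * Login handler for the brute-force module.
 *
 * When the form was submitted (GET parameter `Login` present) this script:
 *   1. validates the anti-CSRF token,
 *   2. escapes the submitted username/password for the SQL context,
 *   3. looks the pair up in the `users` table,
 *   4. appends the result markup to $html (presumably defined by the page
 *      that includes this file — it is never initialised here),
 * and finally regenerates the session's anti-CSRF token.
 *
 * Side effects: reads $_GET / $_REQUEST / $_SESSION, appends to $html, sleeps
 * on a failed login, closes the default ext/mysql connection, calls
 * generateSessionToken(). Uses the deprecated ext/mysql API (mysql_*), which
 * offers no prepared statements; mysql_real_escape_string() is the only
 * protection available on this code path.
 */

if( isset( $_GET[ 'Login' ] ) ) {
	// Check Anti-CSRF token. checkToken() is expected to redirect to index.php
	// when the submitted token does not match the one stored in the session.
	checkToken( $_REQUEST[ 'user_token' ], $_SESSION[ 'session_token' ], 'index.php' );

	// Read the raw credentials once. A missing field or a non-string value
	// (e.g. `username[]=x`) is treated as '' instead of raising a notice or a
	// TypeError inside stripslashes().
	$userRaw = ( isset( $_GET[ 'username' ] ) && is_string( $_GET[ 'username' ] ) ) ? $_GET[ 'username' ] : '';
	$passRaw = ( isset( $_GET[ 'password' ] ) && is_string( $_GET[ 'password' ] ) ) ? $_GET[ 'password' ] : '';

	// Sanitise username input for the SQL context only. stripslashes() is
	// presumably there to undo magic_quotes_gpc — confirm before removing.
	$user = mysql_real_escape_string( stripslashes( $userRaw ) );

	// Sanitise password input and hash it the way the `users` table stores
	// passwords (md5 of the SQL-escaped string, as the original code did).
	// NOTE(review): unsalted md5 is kept only because the stored digests are
	// md5; moving to password_hash()/password_verify() needs a schema
	// migration, not just a change on this line.
	$pass = md5( mysql_real_escape_string( stripslashes( $passRaw ) ) );

	// Check database. Both interpolated values have been passed through
	// mysql_real_escape_string() above.
	$query  = "SELECT * FROM `users` WHERE user = '$user' AND password = '$pass';";
	$result = mysql_query( $query ) or die( '<pre>' . mysql_error() . '</pre>' );

	if( $result && mysql_num_rows( $result ) === 1 ) {
		// Get users details
		$avatar = mysql_result( $result, 0, "avatar" );

		// Login successful. The username comes from the request and the avatar
		// path from the database row; neither is trusted in an HTML context, so
		// both are HTML-escaped here. The SQL-escaped $user is not safe for
		// markup (backslash escaping does nothing for `<`, `>` or quotes in
		// HTML), which is why the raw value is escaped instead.
		$safeUser   = htmlspecialchars( $userRaw, ENT_QUOTES, 'UTF-8' );
		$safeAvatar = htmlspecialchars( $avatar, ENT_QUOTES, 'UTF-8' );
		$html .= "<p>Welcome to the password protected area {$safeUser}</p>";
		$html .= "<img src=\"{$safeAvatar}\" />";
	}
	else {
		// Login failed: a 0-3 second random delay slows down automated
		// guessing. rand() is used only for jitter, not as a security primitive.
		sleep( rand( 0, 3 ) );
		$html .= "<pre><br />Username and/or password incorrect.</pre>";
	}

	mysql_close();
}

// Generate Anti-CSRF token
generateSessionToken();

?>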