-
Notifications
You must be signed in to change notification settings - Fork 0
/
checklogin.php
85 lines (60 loc) · 1.92 KB
/
checklogin.php
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
<?php
$host="db2517.1and1.fr"; // Host name
$username="dbo331051526"; // Mysql username
$password="guigus06"; // Mysql password
$db_name="db331051526"; // Database name
$tbl_name="client"; // Table name
// Connect to server and select databse.
$conn = mysql_connect("$host", "$username", "$password")or die("cannot connect");
mysql_select_db("$db_name")or die("cannot select DB");
// username and password sent from form
$nomclient=$_POST["nomclient"];
$mdp=$_POST["mdp"];
//echo $nomclient;
// To protect MySQL injection (more detail about MySQL injection)
$nomclient = stripslashes($nomclient);
$mdp = stripslashes($mdp);
$nomclient = mysql_real_escape_string($nomclient);
$mdp = mysql_real_escape_string($mdp);
//test dautentification du client
$sql="SELECT * FROM $tbl_name WHERE username='$nomclient' and password='$mdp'";
$temp=mysql_query( $sql );
$count=mysql_num_rows($temp);
if($count==1){
// Ouveture Session
session_start();
//Enregistrement des variables de session
$_SESSION["nomclient"] = $_POST["nomclient"];
$nomclient = $_SESSION["nomclient"];
$_SESSION["mdp"] = $mdp;
$req="SELECT mail FROM client WHERE username='$nomclient'";
$result=mysql_query($req);
$result=mysql_fetch_assoc($result);
$mail=$result["mail"];
$_SESSION["mail"] = $mail;
$result = mysql_fetch_array($temp);
$adminame=$result["username"];
$adminpass = $result["password"];
if($adminame == "guillaume" && $adminpass == "projetweb"){
$montant = mysql_fetch_array($temp);
$lemontant = $montant["montant"];
$_SESSION["montant"] = $lemontant;
header("location:index_admin.php");
}
else{
$montant = mysql_fetch_array($temp);
$lemontant = $montant["montant"];
$_SESSION["montant"] = $lemontant;
if(!isset($_SESSION["nomclient"])){
header("location:index.php");
}
else{
header("location:index_client.php");
}
mysql_close($conn);
}
}
else {
header("location:erreur_log.php");
}
?>