insecure-php-application-fo.../login.php

32 lines
681 B
PHP
Raw Normal View History

2019-11-14 09:10:36 +01:00
<?php
require 'includes/common.php';
if (isset($_SESSION['id'])) {
header('Location: ./user.php');
exit;
}
2019-11-18 11:30:22 +01:00
if (!isset($_REQUEST['username'], $_REQUEST['password'])) {
2019-11-14 09:10:36 +01:00
header('Location: ./');
exit;
}
2019-11-18 11:30:22 +01:00
$username = $_REQUEST['username'];
$password = $_REQUEST['password'];
2019-11-14 09:10:36 +01:00
$con = connect();
2019-11-18 11:30:22 +01:00
$sql = "SELECT * FROM users WHERE username='$username' AND password='$password';";
$getUser = mysqli_query($con, $sql);
if (!$getUser) {
header('Location: ./');
exit;
}
2019-11-14 09:10:36 +01:00
$user = mysqli_fetch_assoc($getUser);
$_SESSION['id'] = $user['id'];
2019-11-18 11:30:22 +01:00
header('Location: ./');
2019-11-14 09:10:36 +01:00
exit;
?>