Code: Select all
<?php
session_start();
header("Cache-control: private");
$username=strtolower($_POST['username']);
$passwd=strtolower($_POST['password']);
if($passwd=="" || $username=="") //if fields are blank return error
{
?>
<html>
<head>
<body bgcolor="#330099">
<meta http-equiv="refresh"
content="0;url=hisdlive.htm">
<script type='text/javascript'>
function ALERT() {
alert("1- Invalid Username or Password");
} ALERT()
</script>
</body>
</head>
</html>
<?php
}
else
{
include "db.php";
$query = "SELECT * FROM users WHERE username='".$username."'";
$result = mysql_query($query);
if(!$result)
{
$_SESSION['logged']=FALSE;
?>
<html>
<head>
<body bgcolor="#330099">
<meta http-equiv="refresh"
content="0;url=hisdlive.htm">
<script type='text/javascript'>
function ALERT() {
alert("2 - Invalid Username or Password");
} ALERT()
</script>
</body>
</head>
</html>
<?php
}
else
{ //if not found return error
$rows=mysql_num_rows($result);
if($rows<1)
{
$_SESSION['logged']=FALSE;
?>
<html>
<head>
<body bgcolor="#330099">
<meta http-equiv="refresh"
content="0;url=hisdlive.htm">
<script type='text/javascript'>
function ALERT() {
alert("3 - Invalid Username or Password");
} ALERT()
</script>
</body>
</head>
</html>
<?php
}
else
{
$dbusername=mysql_result($result, 0, "username");
$dbpasswd=mysql_result($result, 0, "password");
if($username==$dbusername && $passwd==$dbpasswd)
{
$_SESSION['logged']=TRUE;
$_SESSION['username']=$username;
?>
<html>
<head>
<body bgcolor="#330099">
<meta http-equiv="refresh" content="0;url=logged.php">
</head>
<body onLoad="if(parent.frames.length!=0) top.location='logged.php';">
</html>
<?php
}
else
{
$_SESSION['logged']=FALSE;
?>
<html>
<head>
<body bgcolor="#330099">
<meta http-equiv="refresh"
content="0;url=hisdlive.htm">
<script type='text/javascript'>
function ALERT() {
alert("4 - Invalid Username or Password");
} ALERT()
</script>
</body>
</head>
</html>
<?php
}
}
}
}
?>