Code: Select all
<?php
include('includes/connect.php');
include('includes/functions.php');
$user = $_POST['user'];
$password = $_POST['password'];
$user = mysql_real_escape_string(strip_tags($user));
$password = mysql_real_escape_string(strip_tags($password));
$get_stuffs = mysql_query("SELECT * FROM users WHERE name='$user'") or die(mysql_error());
$arr_stuffs = mysql_fetch_array($get_stuffs);
if(isset($arr_stuffs['user']) && $arr_stuffs['password'] == $password) {
$_SESSION['user'] = $user;
$time = time();
mysql_query("UPDATE users SET last_active='$time'") or die(mysql_error());
mysql_query("INSERT INTO chat (msg, sent_by, time_sent) VALUES ('$uname has logged on!', 'System', '$time')");
header('location: game/index.php');
} elseif(isset($arr_stuffs['user']) && $arr_stuffs['password'] != $password) {
header('location: index.php?error=1');
} elseif(!isset($arr_stuffs['user'])) {
//header('location: index.php?error=2');
echo $user;
echo $password;
echo $arr_stuffs['user'];
} else {
header('location: index.php?error=3');
}
?>
Now, I'm not sure on whether I'm supposed to run it like this, or if there is someway I should be un-encrypting the password.