Beispiel #1
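/**
 * Authenticate a user by name and password and, on success, populate the session.
 *
 * Looks up the user's `raw_salt`, hashes the supplied password with my_hash(),
 * and checks that exactly one `user` row matches the username and that hash.
 * The username is bound as a statement parameter instead of being interpolated
 * into the SQL text, so it can no longer change the structure of the query.
 *
 * NOTE(review): the prepare()/bind_param()/store_result() calls assume that
 * new_conn() returns a mysqli connection (the original used ->query(),
 * ->num_rows and ->fetch_array()) — confirm against new_conn().
 *
 * @param string $uname  Username as supplied by the client.
 * @param string $passwd Plain-text password as supplied by the client.
 * @return bool TRUE when exactly one row matches and the session was filled,
 *              FALSE for missing input, a failed query, or no/ambiguous match.
 */
function login($uname, $passwd)
{
    // Reject missing values and non-strings (e.g. array-valued request parameters).
    if (!is_string($uname) || !is_string($passwd) || empty($uname) || empty($passwd)) {
        return FALSE;
    }

    $dbconn = new_conn();

    // Step 1: fetch the per-user salt, with the username as a bound parameter.
    $salt_stmt = $dbconn->prepare("SELECT `raw_salt` FROM `user` WHERE `username` = ?");
    if (!$salt_stmt) {
        return FALSE;
    }
    $raw_salt = null;
    $salt_stmt->bind_param('s', $uname);
    $salt_found = $salt_stmt->execute()
        && $salt_stmt->store_result()
        && $salt_stmt->num_rows == 1
        && $salt_stmt->bind_result($raw_salt)
        && $salt_stmt->fetch();
    $salt_stmt->close();
    if (!$salt_found) {
        return FALSE;
    }

    // Step 2: match username + password hash.
    // NOTE(review): my_hash() output is still spliced into the SQL text unquoted,
    // exactly as before, because its return format is not visible here
    // (presumably a number or an already-quoted literal — confirm). The more
    // robust design is to SELECT the stored hash and compare it in PHP with
    // hash_equals(), so no derived value is concatenated into SQL at all.
    $user_stmt = $dbconn->prepare(
        "SELECT `id`,`username` FROM `user` WHERE `username` = ? AND `password` = " . my_hash($passwd, $raw_salt)
    );
    if (!$user_stmt) {
        // The original dereferenced a failed result here; treat it as a failed login.
        return FALSE;
    }
    $uid = null;
    $stored_name = null;
    $user_stmt->bind_param('s', $uname);
    $user_found = $user_stmt->execute()
        && $user_stmt->store_result()
        && $user_stmt->num_rows == 1
        && $user_stmt->bind_result($uid, $stored_name)
        && $user_stmt->fetch();
    $user_stmt->close();
    if (!$user_found) {
        return FALSE;
    }

    // Issue a fresh session id at the privilege change so an id that was known
    // before authentication is not carried into the logged-in session.
    if (session_status() === PHP_SESSION_ACTIVE && !headers_sent()) {
        session_regenerate_id(true);
    }

    // Prepared statements return native column types, so `uid` may now be an
    // int where the text-protocol query() previously produced a numeric string.
    $_SESSION['uid'] = $uid;
    $_SESSION['uname'] = $stored_name;
    return TRUE;
}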
<?php

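// Stores a movie request for the logged-in user in `muvi_tbl` and redirects to
// umd.php. All values are passed to the database as bound parameters; nothing
// from $_POST or $_SESSION is interpolated into the SQL text.
session_start();
include 'classes/init.php';
$db = new_conn();

// NOTE(review): this is a state-changing POST with no CSRF token check visible
// in this file — confirm whether classes/init.php enforces one.

$muviname = isset($_POST['muviname']) ? $_POST['muviname'] : null;
$muviquality = isset($_POST['muviquality']) ? $_POST['muviquality'] : null;

// Array-valued parameters are rejected along with missing/empty ones.
$has_form_data = is_string($muviname) && is_string($muviquality)
    && !empty($muviname) && !empty($muviquality);

// The row is attributed to the session identity, so refuse to insert when the
// session does not carry one (the original inserted blank identity columns).
$has_identity = isset($_SESSION['id'], $_SESSION['Firstname'], $_SESSION['roomno']);

if (!$has_form_data) {
    echo "Data Not Entered";
} elseif (!$has_identity) {
    http_response_code(403);
    echo "Not logged in";
} else {
    try {
        $stmt = $db->prepare(
            "INSERT INTO muvi_tbl (id,name,room,muviname,muviquality) VALUES (?,?,?,?,?)"
        );
        // prepare()/execute() return false instead of throwing when PDO is not
        // in exception mode; route that case through the same error path.
        $saved = $stmt !== false && $stmt->execute([
            $_SESSION['id'],
            $_SESSION['Firstname'],
            $_SESSION['roomno'],
            $muviname,
            $muviquality,
        ]);
        if (!$saved) {
            throw new PDOException('INSERT into muvi_tbl failed');
        }

        // Send the redirect before any body output; the original echoed first,
        // which prevents the Location header unless output buffering is on.
        header('Location:umd.php');
        echo "Updated !";
        exit;
    } catch (PDOException $e) {
        // Keep the statement text and driver message in the server log only.
        // Echoing them to the client disclosed schema details and reflected
        // unescaped request data into the page.
        error_log('muvi_tbl insert failed: ' . $e->getMessage());
        http_response_code(500);
        echo "Could not save the entry";
    }
}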