CONNECT_DB(); $tbl_name = 'user'; // Table name // username and password sent from form - user clean function to protect MySQL injection $myusername = cleanstr($_POST['user']); $mypassword = cleanstr($_POST['pass']); //echo $myusername." :: ".$mypassword;//exit(); $sql = "SELECT enable FROM {$tbl_name} WHERE username='******' and password='******'"; $result = mysql_query($sql); // Mysql_num_row is counting table row $count = mysql_num_rows($result); //echo $count;exit(); // If result matched $myusername and $mypassword, table row must be 1 row if ($count == 1) { //kiểm tra sự tồn tại của user $enable = (int) GET_DB_VALUE($sql, 'enable'); //kiểm tra xem user có bị disable không if ($enable == 1) { // Register $myusername, $mypassword and redirect to file "login_success.php" //session_start(); //session_register("name"); //session_register("myusername"); //session_register("mypassword"); //$_SESSION['memberloggedin']=$myusername; //$_SESSION['loggedin']=true; $sqlupdate = "UPDATE user SET lastvisit ='{$timenow}' WHERE username='******' and password='******'"; $updateresult = mysql_query($sqlupdate); //header("location:http://bebibo.org/"); echo 'Successful'; //.$_SESSION['memberloggedin']; } else {
// Mysql_num_row is counting table row $count = mysql_num_rows($result); // exit(); //echo 'here';exit(); // If result matched $myusername and $mypassword, table row must be 1 row if ($count == 1) { //kiểm tra sự tồn tại của user $enable = (int) GET_DB_VALUE($sql, 'enable'); //kiểm tra xem user có bị disable không $usergroup = (int) GET_DB_VALUE($sql, 'usergroup'); $id_investor = (int) GET_DB_VALUE($sql, 'id_investor'); $id_pwc = (int) GET_DB_VALUE($sql, 'id_pwc'); $id_sub = (int) GET_DB_VALUE($sql, 'id_sub'); //$ma_congto = GET_DB_VALUE($sql, 'ma_congto'); //$user_right = (int)GET_DB_VALUE($sql, 'user_right'); $visitnumber = (int) GET_DB_VALUE($sql, 'visit_number'); if ($enable == 1) { $_SESSION['memberloggedin'] = $myusername; $_SESSION['usergroup'] = $usergroup; $_SESSION['id_investor'] = $id_investor; $_SESSION['id_pwc'] = $id_pwc; $_SESSION['id_sub'] = $id_sub; //$_SESSION['user_right']=$user_right; // cái mô thế này $_SESSION['loggedin'] = true; $visitnumber++; $sqlupdate = "UPDATE user SET last_visit ='{$timenow}', visit_number = {$visitnumber} WHERE user_name='{$myusername}' and password='******'"; $updateresult = mysql_query($sqlupdate); //header("location:http://bebibo.org/"); /* userlogs here */