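/**
 * Check the login/password pair from the query string and build the XML reply.
 *
 * Looks for an active row in `user` whose `userlogin` and MD5-hashed
 * `userpassword` match the request. On a match it opens a session through
 * createsession() and records the login through updatelastlogin().
 *
 * @return string|null XML fragment starting with <access>, or null when the
 *                     database connection or the lookup itself fails.
 */
function query()
{
    // NOTE(review): credentials arrive in the query string, so they end up in
    // access logs, browser history and Referer headers. Callers should be
    // moved to POST over TLS.
    // Non-string values (e.g. login[]=x) are treated as empty so they never
    // reach the hash or the statement binding.
    $login = (isset($_GET['login']) && is_string($_GET['login'])) ? $_GET['login'] : '';
    $password = (isset($_GET['password']) && is_string($_GET['password'])) ? $_GET['password'] : '';

    // Escapes the five XML special characters. Byte-wise and ASCII-only, so it
    // does not depend on the character set of the stored data.
    $xml = function ($value) {
        return str_replace(
            array('&', '<', '>', '"', "'"),
            array('&amp;', '&lt;', '&gt;', '&quot;', '&apos;'),
            (string) $value
        );
    };

    $mysqli = new mysqli(DBSERVER, DBUSER, DBPWD, DB);
    if ($mysqli->connect_errno) {
        error_log('query(): database connection failed: ' . $mysqli->connect_error);
        return null;
    }

    $response = null;

    // Bound parameters replace the sprintf()-built statement. The SQL text is
    // no longer echoed: that debug output put the password hash into the
    // response and broke the XML the caller receives.
    $stmt = $mysqli->prepare(
        'SELECT `userid`, `userlogin`, `userpassword`, `userlastname`, `userfirstname`, `userlastlogin`'
        . ' FROM `user`'
        . ' WHERE `userlogin` = ? AND `userpassword` = ? AND `userisactive` = 1'
    );

    if ($stmt === false) {
        // Database errors go to the server log, not to the client.
        error_log('query(): prepare failed: ' . $mysqli->error);
    } else {
        // NOTE(review): unsalted MD5 is not a password hash. It is kept only
        // because the stored values are MD5; migrate to password_hash() /
        // password_verify() with a rehash-on-login step.
        $passwordHash = md5($password);
        $stmt->bind_param('ss', $login, $passwordHash);

        if (!$stmt->execute()) {
            error_log('query(): execute failed: ' . $stmt->error);
        } else {
            // Buffer the result before the session helpers run, as the
            // original buffered query did.
            $stmt->store_result();
            $stmt->bind_result($userId, $userLogin, $userPassword, $lastName, $firstName, $lastLogin);
            $fetched = $stmt->fetch();

            if ($fetched === true) {
                $sessionid = createsession($userId);
                updatelastlogin($userId);

                // NOTE(review): the stored password hash is still returned to
                // the client to keep the reply shape unchanged. Callers should
                // stop reading <password> so the element can be dropped.
                $response = "<access>OK</access><user><userid>" . $xml($userId) . "</userid>"
                    . "<login>" . $xml($userLogin) . "</login>"
                    . "<password>" . $xml($userPassword) . "</password>"
                    . "<nom>" . $xml($lastName) . "</nom>"
                    . "<prenom>" . $xml($firstName) . "</prenom>"
                    . "<lastlogin>" . $xml($lastLogin) . "</lastlogin>"
                    . "<sessionid>" . $xml($sessionid) . "</sessionid></user>";
            } elseif ($fetched === null) {
                // No matching active user. The original read properties of an
                // undefined $row here, which produced these same empty
                // elements plus warnings. The login is request data and is
                // escaped before being reflected into the reply.
                $response = "<access>Echec d'authentification pour utilisateur " . $xml($login) . "</access>"
                    . "<user><login></login><password></password><nom></nom><prenom></prenom></user>";
            } else {
                error_log('query(): fetch failed: ' . $stmt->error);
            }
        }

        $stmt->close();
    }

    // The original returned before reaching close(), leaving the connection
    // open on both the success and the failure path.
    $mysqli->close();

    return $response;
}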
/**
 * Open a session for the given user and redirect the browser to the home page.
 *
 * @param mixed $usid User identifier, passed unchanged to createsession()
 *                    and refreshsessions().
 * @return void
 */
function authenticate($usid)
{
    // NOTE(review): nothing in this function checks credentials; presumably
    // the caller has already verified the user. Confirm at every call site.
    // The value returned by createsession() is not used here.
    createsession($usid);
    refreshsessions($usid);

    // NOTE(review): header() only sets the redirect header. The script keeps
    // running after this function returns, so the caller has to stop
    // execution itself if the code that follows must not run.
    header("Location:home.php");
}