function check_login($user_id, $password) { $user_id = mysql_escape_string($user_id); $pass2 = 'No Saved'; session_destroy(); session_start(); $sql = "INSERT INTO `loginlog` VALUES('{$user_id}','{$pass2}','" . $_SERVER['REMOTE_ADDR'] . "',NOW())"; @mysql_query($sql) or die(mysql_error()); $sql = "SELECT `user_id`,`password` FROM `users` WHERE `user_id`='" . $user_id . "'"; $result = mysql_query($sql); $row = mysql_fetch_array($result); if ($row && pwCheck($password, $row['password'])) { $user_id = $row['user_id']; mysql_free_result($result); return $user_id; } mysql_free_result($result); return false; }
$school = trim($_POST['school']); $nick = trim($_POST['nick']); $len = strlen($nick); if ($len > 100) { $err_str = $err_str . "Nick Name Too Long!"; $err_cnt++; } else { if ($len == 0) { $nick = $user_id; } } $password = $_POST['opassword']; $sql = "SELECT `user_id`,`password` FROM `users` WHERE `user_id`='" . $user_id . "'"; $result = mysqli_query($mysqli, $sql); $row = mysqli_fetch_array($result); if ($row && pwCheck($password, $row['password'])) { $rows_cnt = 1; } else { $rows_cnt = 0; } mysqli_free_result($result); if ($rows_cnt == 0) { $err_str = $err_str . "Old Password Wrong"; $err_cnt++; } $len = strlen($_POST['npassword']); if ($len < 6 && $len > 0) { $err_cnt++; $err_str = $err_str . "Password should be Longer than 6!\\n"; } else { if (strcmp($_POST['npassword'], $_POST['rptpassword']) != 0) {