Hey guys, I am just fiddling with the code, with a helping hand from
https://www.w3schools.com/php/php_form_validation.asp
Here is what I've got so far (not tested yet):
Code:
<?php
//
// TorrentTrader v2.x
// $LastChangedDate: 2012-09-19 19:13:35 +0100 (Wed, 19 Sep 2012) $
// $LastChangedBy: torrenttrader $
//
// http://www.torrenttrader.org
//
//
// Pull in the shared helper library, then call dbconn().
// NOTE(review): dbconn() is defined outside this file; presumably it opens
// the database connection used further down - confirm in backend/functions.php.
require_once "backend/functions.php";
dbconn();
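/**
 * Prepare a submitted form value for display inside an HTML page.
 *
 * Trims surrounding whitespace, removes backslash escapes, then HTML-encodes
 * the characters & < > " and '.
 *
 * This is output encoding for HTML contexts only. It does not make a value
 * safe to place in an SQL statement, and it should not be applied to a
 * password before hashing, because the encoding changes the bytes that are
 * hashed.
 *
 * @param string $data Raw value, for example a field read from $_POST.
 * @return string The trimmed, unslashed, HTML-encoded value.
 */
function spesh_input($data) {
    $data = trim($data);
    // NOTE(review): stripslashes() was the counterpart of magic_quotes_gpc,
    // which PHP 5.4 removed. Without magic quotes it silently drops genuine
    // backslashes from the input. Kept so existing callers see no change.
    $data = stripslashes($data);
    // ENT_QUOTES is passed explicitly: before PHP 8.1 the default flag
    // (ENT_COMPAT) left single quotes unencoded, so the result was not safe
    // inside a single-quoted HTML attribute.
    return htmlspecialchars($data, ENT_QUOTES);
}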
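// Login handler: validate the submitted credentials and, on success, set the
// login cookie and redirect. On failure an error page is shown.
//
// Fixes relative to the draft: three syntax errors (the misspelt empty() call,
// a stray ")" in the "enabled" test, a "}" inside the logincookie() arguments),
// a misplaced else that put NO_EMPTY_FIELDS on every successful login, an
// unquoted username in the SQL text, a loose (!=) hash comparison, and an
// unchecked redirect target.
$message = null; // null means "no error so far"

if ($_SERVER["REQUEST_METHOD"] == "POST") {
    // Accept plain strings only; an array-valued field (username[]=x) is
    // treated as empty instead of reaching trim()/passhash().
    // NOTE(review): spesh_input() HTML-encodes the username before the lookup.
    // If usernames are stored unencoded, names containing & < > " will not
    // match - confirm against the signup code.
    $username = (isset($_POST["username"]) && is_string($_POST["username"]))
        ? spesh_input($_POST["username"])
        : "";
    // The password is passed to passhash() exactly as submitted. Trimming or
    // HTML-encoding it first would change the bytes being hashed.
    // NOTE(review): assumes signup hashes the raw password too - confirm.
    $password = (isset($_POST["password"]) && is_string($_POST["password"]))
        ? $_POST["password"]
        : "";

    if ($username === "" || $password === "") {
        // Emptiness is tested on the submitted password, not on its hash,
        // which is never empty.
        $message = T_("NO_EMPTY_FIELDS");
    } else {
        $row = null;

        // PLACEHOLDER: $dbLink stands for the mysqli handle that dbconn()
        // opens. This page does not show where backend/functions.php keeps
        // it; substitute the project's real handle. The procedural mysqli_*
        // functions require the handle as their first argument.
        //
        // The username is bound as a parameter, so it can never be parsed as
        // part of the SQL text. mysqli_stmt_get_result() needs the mysqlnd
        // driver.
        $stmt = mysqli_prepare(
            $dbLink,
            "SELECT id,password,secret,status,enabled FROM users WHERE username=?"
        );
        if ($stmt
            && mysqli_stmt_bind_param($stmt, "s", $username)
            && mysqli_stmt_execute($stmt)
        ) {
            $res = mysqli_stmt_get_result($stmt);
            if ($res) {
                $row = mysqli_fetch_assoc($res);
            }
        } else {
            // Fail closed: log the database error server-side and fall
            // through to the generic "login incorrect" message rather than
            // showing driver details to the visitor.
            error_log(__FILE__ . ":" . __LINE__ . " login query failed: " . mysqli_error($dbLink));
        }
        if ($stmt) {
            mysqli_stmt_close($stmt);
        }

        // hash_equals() (PHP 5.6+) compares the two hashes as strings in
        // constant time. A loose != comparison can treat different
        // numeric-looking hash strings as equal.
        if (!$row || !hash_equals((string) $row["password"], (string) passhash($password))) {
            $message = T_("LOGIN_INCORRECT");
        } elseif ($row["status"] == "pending") {
            $message = T_("ACCOUNT_PENDING");
        } elseif ($row["enabled"] == "no") {
            $message = T_("ACCOUNT_DISABLED");
        }
    }

    if ($message === null) {
        logincookie($row["id"], $row["password"], $row["secret"]);

        // "returnto" is attacker-controllable, so only a same-site relative
        // path with an optional query string is followed. Anything else
        // (a scheme, "//host", backslashes, control characters) falls back to
        // index.php, which prevents the login page acting as an open redirect.
        $returnto = (isset($_POST["returnto"]) && is_string($_POST["returnto"]))
            ? $_POST["returnto"]
            : "";
        if (!preg_match('#^/?[A-Za-z0-9_\-][A-Za-z0-9_\-./]*(?:\?[A-Za-z0-9_\-=&%.+]*)?\z#', $returnto)) {
            $returnto = "index.php";
        }
        header("Refresh:0;url=" . $returnto);
        die();
    } else {
        show_error_msg(T_("ACCESS_DENIED"), $message, 1);
    }
}

// Reached only when no login succeeded on this request (the success path
// ends in die() above).
logoutcookie();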