<?php
session_start();
require('connessionedb.php');
if(!isset($_SESSION['log']))
{
$_SESSION['log'] = 0;
}
if(!isset($_SESSION['username']))
{
$_SESSION['username'] = "Non Registrato";
}
if ($_SESSION['log'] != 1)
{
// Se non lo è procediamo come segue:
if(isset($_POST['pass']) && isset($_POST['user']))
{
$qry_pass = md5($_POST['pass']);
$qry_user = mysql_real_escape_string($_POST['user']);
$query = "SELECT * " .
"FROM user " .
"WHERE user_username = '$qry_user' " .
"AND user_password = '$qry_pass' " .
"AND user_password = '$qry_pass' " .
"AND user_reg = 1 ";
$results = mysql_query($query) or die (mysql_error());
if(mysql_num_rows($results) != 0)
{
$row = mysql_fetch_array($results);
$_SESSION['log'] = 1; // utente logato
$_SESSION['username'] = $row['user_username'];
}
}
}
echo "<span style=\"color:red\">Utente on-line:
" . $_SESSION['username'] . "</span>
"
?>
.................
.................
.................
................
<?php
if ($_SESSION['log'] != 1)
{
?>
.................
.................
.................
.................
<?php
} else {
$query = "SELECT user_level " .
"FROM user " .
"WHERE user_username = ---->utente loggato<----";
$results = mysql_query($query) or die (mysql_error());
if ($results='C'){
?>
................
................
................
................
<?php
} else {
?>
.............
............
............
............
<?php
}
?>
</body>
</html>
Rispondi quotando