<?php
session_start ();
?>
<?php
$nickname = $_GET ["nickname"];
$passwort = $_GET ["passwort"];
include ('/home/david/mysqldata.php');
$handle = mysql_connect ('127.0.0.1', $MYSQL_NAME, $MYSQL_PASSWORD);
$nickname = htmlentities(mysql_real_escape_string ($nickname, $handle));
$passwort = htmlentities(mysql_real_escape_string ($passwort, $handle));
mysql_query ("USE mysocial_database");
$result = mysql_query ("SELECT * FROM users WHERE nickname=\"" . $nickname . "\"", $handle);
if (mysql_num_rows ($result) == 0)
echo "Diesen Benutzer gibt es nicht<br>";
else {
$row = mysql_fetch_assoc ($result);
if (strcmp(md5 ($passwort), $row ["passwort"]) != 0)
echo "Ihr Passwort ist falsch - probieren sie zu hacken?<br>";
else {
$_SESSION ["name"] = $nickname;
}
echo "<script>window.location=\"./thread.php\";</script>";
}
?>
