Wuppertaler93

Login.php Schipserl

May 25th, 2016
  1. <?php
  2. include("password.php");
  3. session_start();
  4. $pdo = new PDO('mysql:host=mylonky.lima-db.de;dbname=XXX', 'USER', 'PASS');
  5.  
  6. function random_string() {
  7.     if(function_exists('random_bytes')) {
  8.         $bytes = random_bytes(16);
  9.         $str = bin2hex($bytes);
  10.     } else if(function_exists('openssl_random_pseudo_bytes')) {
  11.         $bytes = openssl_random_pseudo_bytes(16);
  12.         $str = bin2hex($bytes);
  13.     } else if(function_exists('mcrypt_create_iv')) {
  14.         $bytes = mcrypt_create_iv(16, MCRYPT_DEV_URANDOM);
  15.         $str = bin2hex($bytes);
  16.     } else {
  17.         //Bitte euer_geheim_string durch einen zufälligen String mit >12 Zeichen austauschen
  18.         $str = md5(uniqid('euer_geheim_string', true));
  19.     }  
  20.     return $str;
  21. }
  22.  
  23. if(isset($_GET['login'])) {
  24.   $username = $_POST['username'];
  25.   $passwort = $_POST['passwort'];
  26.  
  27.   $statement = $pdo->prepare("SELECT * FROM users WHERE username = :username");
  28.   $result = $statement->execute(array('username' => $username));
  29.   $user = $statement->fetch();
  30.    
  31.   //Überprüfung des Passworts
  32.   if ($user !== false && password_verify($passwort, $user['passwort'])) {
  33.     $_SESSION['userid'] = $user['id'];
  34.  
  35.         //Möchte der Nutzer angemeldet beleiben?
  36.         if(isset($_POST['angemeldet_bleiben'])) {
  37.             $identifier = random_string();
  38.             $securitytoken = random_string();
  39.            
  40.             $insert = $pdo->prepare("INSERT INTO securitytokens (user_id, identifier, securitytoken) VALUES (:user_id, :identifier, :securitytoken)");
  41.             $insert->execute(array('user_id' => $user['id'], 'identifier' => $identifier, 'securitytoken' => sha1($securitytoken)));
  42.             setcookie("identifier",$identifier,time()+(3600*24*365)); //1 Jahr Gültigkeit
  43.             setcookie("securitytoken",$securitytoken,time()+(3600*24*365)); //1 Jahr Gültigkeit
  44.         }
  45.        
  46.     die('Login erfolgreich. <br><br>Du wirst automatisch zur <a href="index.php">Startseite</a> weitergeleitet.
  47.     <meta http-equiv="refresh" content="3; URL=index.php">');
  48.   } else {
  49.     $errorMessage = 'E-Mail oder Passwort war ungültig<br> Wenn du dein Passwort Vergessen hast, dann klicke <a href="passwortvergessen.php">Hier</a>.<br>';
  50.   }
  51.  
  52. }
  53. ?>