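<?php
/*
 * Login handler: validates the posted credentials behind a one-time CSRF
 * token, looks the user up with a prepared statement and, on success,
 * stores the user's identity in the session before redirecting to index.php.
 *
 * Relies on names defined outside this file (presumably by
 * includes/header.php — confirm): $mysqli, NoCSRF, alertBox(), encryptIt()
 * and the message strings $EmailEmpty, $PasswordEmpty and $LoginError.
 */
include('includes/header.php');

$msgBox = '';

if (isset($_POST['email'])) {
    try {
        // Run CSRF check, on POST data, in exception mode, for 10 minutes, in one-time mode.
        NoCSRF::check('csrf_token', $_POST, true, 60 * 10, false);

        // A crafted request can send arrays (email[]=...) or omit the password
        // field entirely; treat anything that is not a non-empty string as
        // missing instead of passing it on to the query.
        $emailInput = $_POST['email'];
        $passwordInput = $_POST['password'] ?? '';

        if (!is_string($emailInput) || $emailInput === '') {
            $msgBox = alertBox($EmailEmpty);
        } elseif (!is_string($passwordInput) || $passwordInput === '') {
            $msgBox = alertBox($PasswordEmpty);
        } else {
            // Get User Info
            // The address is bound as a statement parameter below, so it must NOT
            // also go through real_escape_string(): the added backslashes would
            // become part of the value being compared (constructed example:
            // o'brien@example.com would be looked up as o\'brien@example.com).
            $Email = $emailInput;

            // NOTE(review): encryptIt() is defined elsewhere. Matching its output
            // in the WHERE clause only works if it is deterministic, i.e. it cannot
            // be a salted password hash. The safer design is to select the row by
            // Email alone and verify with password_verify() against a
            // password_hash() value; that needs a migration of the stored
            // passwords, so it is not changed here.
            $Password = encryptIt($passwordInput);

            if ($stmt = $mysqli->prepare("SELECT UserId, FirstName, LastName, Email, Password, Currency from user WHERE Email = ? AND Password = ? ")) {
                $stmt->bind_param("ss", $Email, $Password);
                $stmt->execute();
                $stmt->bind_result($UserId_, $FirstName_, $LastName_, $Email_, $Password_, $Currency_);
                $stmt->store_result();
                $stmt->fetch();

                // The original `$num_of_rows = $stmt->num_rows >= 1` stored the
                // boolean result of the comparison; keep the real row count.
                $num_of_rows = $stmt->num_rows;

                if ($num_of_rows >= 1) {
                    if (session_status() !== PHP_SESSION_ACTIVE) {
                        session_start();
                    }
                    // Issue a fresh session id at the privilege change so that an id
                    // known before login (session fixation) is not carried into the
                    // authenticated session.
                    session_regenerate_id(true);

                    $_SESSION['UserId'] = $UserId_;
                    $_SESSION['FirstName'] = $FirstName_;
                    $_SESSION['LastName'] = $LastName_;
                    $_SESSION['Currency'] = $Currency_;
                    $UserIds = $_SESSION['UserId'];
                    // ............. (the paste elides the rest of the success branch here;
                    // the elided code opens a block that the brace below closes)
                    }
                    echo '<META HTTP-EQUIV="Refresh" Content="0; URL=index.php">';
                } else {
                    // Same message for an unknown address and a wrong password, so the
                    // response does not reveal which accounts exist.
                    $msgBox = alertBox($LoginError);
                }
            }
        }
    } catch (Exception $e) {
        // CSRF attack detected
        // NOTE(review): this handler catches every Exception thrown inside the
        // try block, so a database error raised as an exception would also be
        // reported as a CSRF attack and would end the session. Log $e
        // server-side to tell the two apart.
        echo 'CSRF ATTACK DETECTED';
        session_destroy();
        echo '<META HTTP-EQUIV="Refresh" Content="0; URL=index.php">';
    }
} else {
    $result = 'No post data yet.';
}

// Fresh token for the form rendered below.
$token = NoCSRF::generate('csrf_token');
?>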
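<?php
// Login form markup. $msgBox holds ready-made alert HTML (output of alertBox())
// and is printed as-is; the CSRF token is escaped for the attribute context.
// The label strings ($UserSign, $Emails, $Passwords, $SignIn) are defined
// outside this file and are assumed to be trusted application text — confirm.
?>
<body>
<div class="container">
    <div class="row">
        <div class="col-md-4 col-md-offset-4">
            <div class="login-panel panel panel-primary">
                <div class="panel-heading">
                    <h3 class="panel-title text-center"><span class="glyphicon glyphicon-lock"></span> <?php echo $UserSign; ?></h3>
                </div>
                <div class="panel-body">
                    <?php if ($msgBox) {
                        echo $msgBox;
                    } ?>
                    <form method="post" action="" role="form">
                        <fieldset>
                            <div class="form-group">
                                <label for="email"><?php echo $Emails; ?></label>
                                <input type="hidden" name="csrf_token" value="<?php echo htmlspecialchars((string) $token, ENT_QUOTES, 'UTF-8'); ?>">
                                <?php // id added so the label's for="email" actually points at this field ?>
                                <input class="form-control" placeholder="<?php echo $Emails; ?>" id="email" name="email" type="email" autocomplete="username" autofocus>
                            </div>
                            <div class="form-group">
                                <label for="password"><?php echo $Passwords; ?></label>
                                <input class="form-control" placeholder="<?php echo $Passwords; ?>" id="password" name="password" type="password" autocomplete="current-password" value="">
                            </div>
                            <hr>
                            <button type="submit" name="login" class="btn btn-success btn-block"><span class="glyphicon glyphicon-log-in"></span> <?php echo $SignIn; ?></button>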