Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- <?php
- // First we execute our common code to connection to the database and start the session
- require("common.php");
- // This variable will be used to re-display the user's username to them in the
- // login form if they fail to enter the correct password. It is initialized here
- // to an empty value, which will be shown if the user has not submitted the form.
- $submitted_username = '';
- // This variable will hold the error, if any
- $error = false;
- // If login form submitted
- if (isset($_POST['username']))
- {
- // Check fields
- if (empty($_POST['username']))
- {
- $error = 'Please enter your user name';
- }
- elseif (empty($_POST['password']))
- {
- $error = 'Please enter your password';
- }
- else
- {
- // This query retreives the user's information from the database using
- // their username.
- $query = "
- SELECT
- id,
- username,
- password,
- salt
- FROM users
- WHERE
- username = :username
- ";
- $query_params = array(
- ':username' => $_POST['username']
- );
- try
- {
- // Execute
- $stmt = $db->prepare($query);
- $stmt->execute($query_params);
- // Check if one row was found with the username
- $row = $stmt->fetch();
- if($row)
- {
- // Check password with secure hash and salt
- $check_password = hash('sha256', $_POST['password'] . $row['salt']);
- if($check_password === $row['password'])
- {
- // Bingo! Remove hash and salt to increase security and store user in session
- unset($row['salt']);
- unset($row['password']);
- $_SESSION['user'] = $row;
- }
- else
- {
- // Wrong password
- $error = 'Wrong username/password, please try again';
- }
- }
- else
- {
- // Wrong password
- $error = 'Wrong username, please try again';
- }
- }
- catch(PDOException $ex)
- {
- $error = 'Failed to run query: ' . $ex->getMessage();
- }
- // Check if AJAX request
- $ajax = (isset($_SERVER['HTTP_X_REQUESTED_WITH']) and strtolower($_SERVER['HTTP_X_REQUESTED_WITH']) == 'xmlhttprequest');
- if ($ajax)
- {
- header('Cache-Control: no-cache, must-revalidate');
- header('Expires: '.date('r', time()+(86400*365)));
- header('Content-type: application/json');
- echo json_encode(array(
- 'logged' => !$error,
- 'error' => $error
- ));
- exit();
- }
- elseif (!$error)
- {
- header('Location: dashboard.php');
- exit();
- }
- // Show them their username again so all they have to do is enter a new
- // password. The use of htmlentities prevents XSS attacks. You should
- // always use htmlentities on user submitted values before displaying them
- // to any users (including the user that submitted them). For more information:
- // http://en.wikipedia.org/wiki/XSS_attack
- $submitted_username = htmlentities($_POST['username'], ENT_QUOTES, 'UTF-8');
- }
- }
- ?><!DOCTYPE html>
- <!--[if IEMobile 7]><html class="no-js iem7 oldie linen"><![endif]-->
- <!--[if (IE 7)&!(IEMobile)]><html class="no-js ie7 oldie linen" lang="en"><![endif]-->
- <!--[if (IE 8)&!(IEMobile)]><html class="no-js ie8 oldie linen" lang="en"><![endif]-->
- <!--[if (IE 9)&!(IEMobile)]><html class="no-js ie9 linen" lang="en"><![endif]-->
- <!--[if (gt IE 9)|(gt IEMobile 7)]><!--><html class="no-js linen" lang="en"><!--<![endif]-->
- <head>
- <meta charset="utf-8">
- <meta http-equiv="X-UA-Compatible" content="IE=edge,chrome=1">
- <title>Stevens Fine Homes</title>
- <meta name="description" content="">
- <meta name="author" content="">
- <!-- http://davidbcalhoun.com/2010/viewport-metatag -->
- <meta name="HandheldFriendly" content="True">
- <meta name="MobileOptimized" content="320">
- <meta name="viewport" content="width=device-width, initial-scale=1.0, maximum-scale=1.0, user-scalable=no">
- <!-- For all browsers -->
- <link rel="stylesheet" href="css/reset.css?v=1">
- <link rel="stylesheet" href="css/style.css?v=1">
- <link rel="stylesheet" href="css/colors.css?v=1">
- <link rel="stylesheet" media="print" href="css/print.css?v=1">
- <!-- For progressively larger displays -->
- <link rel="stylesheet" media="only all and (min-width: 480px)" href="css/480.css?v=1">
- <link rel="stylesheet" media="only all and (min-width: 768px)" href="css/768.css?v=1">
- <link rel="stylesheet" media="only all and (min-width: 992px)" href="css/992.css?v=1">
- <link rel="stylesheet" media="only all and (min-width: 1200px)" href="css/1200.css?v=1">
- <!-- For Retina displays -->
- <link rel="stylesheet" media="only all and (-webkit-min-device-pixel-ratio: 1.5), only screen and (-o-min-device-pixel-ratio: 3/2), only screen and (min-device-pixel-ratio: 1.5)" href="css/2x.css?v=1">
- <!-- Additional styles -->
- <link rel="stylesheet" href="css/styles/form.css?v=1">
- <link rel="stylesheet" href="css/styles/switches.css?v=1">
- <!-- Login pages styles -->
- <link rel="stylesheet" media="screen" href="css/login.css?v=1">
- <!-- JavaScript at bottom except for Modernizr -->
- <script src="js/libs/modernizr.custom.js"></script>
- <!-- For Modern Browsers -->
- <link rel="shortcut icon" href="img/favicons/favicon.png">
- <!-- For everything else -->
- <link rel="shortcut icon" href="img/favicons/favicon.ico">
- <!-- For retina screens -->
- <link rel="apple-touch-icon-precomposed" sizes="114x114" href="img/favicons/apple-touch-icon-retina.png">
- <!-- For iPad 1-->
- <link rel="apple-touch-icon-precomposed" sizes="72x72" href="img/favicons/apple-touch-icon-ipad.png">
- <!-- For iPhone 3G, iPod Touch and Android -->
- <link rel="apple-touch-icon-precomposed" href="img/favicons/apple-touch-icon.png">
- <!-- iOS web-app metas -->
- <meta name="apple-mobile-web-app-capable" content="yes">
- <meta name="apple-mobile-web-app-status-bar-style" content="black">
- <!-- Startup image for web apps -->
- <link rel="apple-touch-startup-image" href="img/splash/ipad-landscape.png" media="screen and (min-device-width: 481px) and (max-device-width: 1024px) and (orientation:landscape)">
- <link rel="apple-touch-startup-image" href="img/splash/ipad-portrait.png" media="screen and (min-device-width: 481px) and (max-device-width: 1024px) and (orientation:portrait)">
- <link rel="apple-touch-startup-image" href="img/splash/iphone.png" media="screen and (max-device-width: 320px)">
- <!-- Microsoft clear type rendering -->
- <meta http-equiv="cleartype" content="on">
- <!-- IE9 Pinned Sites: http://msdn.microsoft.com/en-us/library/gg131029.aspx -->
- <meta name="application-name" content="Developr Admin Skin">
- <meta name="msapplication-tooltip" content="Cross-platform admin template.">
- <meta name="msapplication-starturl" content="http://www.display-inline.fr/demo/developr">
- <!-- These custom tasks are examples, you need to edit them to show actual pages -->
- <meta name="msapplication-task" content="name=Agenda;action-uri=http://www.display-inline.fr/demo/developr/agenda.html;icon-uri=http://www.display-inline.fr/demo/developr/img/favicons/favicon.ico">
- <meta name="msapplication-task" content="name=My profile;action-uri=http://www.display-inline.fr/demo/developr/profile.html;icon-uri=http://www.display-inline.fr/demo/developr/img/favicons/favicon.ico">
- </head>
- <body>
- <div id="container">
- <hgroup id="login-title" class="large-margin-bottom">
- <h1 class="login-title-image">Stevens Fine Homes</h1>
- </hgroup>
- <?php
- if ($error)
- {
- ?><p class="message red-gradient"><?php echo htmlentities($error); ?><span class="close show-on-parent-hover">✕</span><span class="block-arrow bottom"><span></span></span></p>
- <?php
- }
- ?><div id="form-block" class="scratch-metal">
- <form method="post" action="index.php" id="form-login" class="input-wrapper blue-gradient glossy" title="Login">
- <ul class="inputs black-input large">
- <!-- The autocomplete="off" attributes is the only way to prevent webkit browsers from filling the inputs with yellow -->
- <li><span class="icon-user mid-margin-right"></span><input type="text" name="username" id="username" value="<?php echo $submitted_username; ?>" class="input-unstyled" placeholder="Login" autocomplete="off"></li>
- <li><span class="icon-lock mid-margin-right"></span><input type="password" name="password" id="password" value="" class="input-unstyled" placeholder="Password" autocomplete="off"></li>
- </ul>
- <p class="button-height">
- <button type="submit" class="button glossy float-right" id="login">Login</button>
- <input type="checkbox" name="remind" id="remind" value="1" checked="checked" class="switch tiny mid-margin-right with-tooltip" title="Enable auto-login">
- <label for="remind">Remember</label>
- </p>
- </form>
- </div>
- </div>
- <!-- JavaScript at the bottom for fast page loading -->
- <!-- Scripts -->
- <script src="js/libs/jquery-1.7.2.min.js"></script>
- <script src="js/setup.js"></script>
- <!-- Template functions -->
- <script src="js/developr.input.js"></script>
- <script src="js/developr.message.js"></script>
- <script src="js/developr.notify.js"></script>
- <script src="js/developr.tooltip.js"></script>
- <script>
- /*
- * How do I hook my login script to this?
- * --------------------------------------
- *
- * This script is meant to be non-obtrusive: if the user has disabled javascript or if an error occurs, the login form
- * works fine without ajax.
- *
- * The only part you need to edit is the login script between the EDIT SECTION tags, which does inputs validation
- * and send data to server. For instance, you may keep the validation and add an AJAX call to the server with the
- * credentials, then redirect to the dashboard or display an error depending on server return.
- *
- * Or if you don't trust AJAX calls, just remove the event.preventDefault() part and let the form be submitted.
- */
- $(document).ready(function()
- {
- /*
- * JS login effect
- * This script will enable effects for the login page
- */
- // Elements
- var doc = $('html').addClass('js-login'),
- container = $('#container'),
- formBlock = $('#form-block'),
- // If layout is centered
- centered;
- /******* EDIT THIS SECTION *******/
- /*
- * AJAX login
- * These functions will handle the login process through AJAX
- */
- $('#form-login').submit(function(event)
- {
- // Values
- var username = $.trim($('#username').val()),
- password = $.trim($('#password').val());
- // Check inputs
- if (username.length === 0)
- {
- // Display message
- displayError('Please fill in your username');
- return false;
- }
- else if (password.length === 0)
- {
- // Remove empty username message if displayed
- formBlock.clearMessages('Please fill in your username');
- // Display message
- displayError('Please fill in your password');
- return false;
- }
- else
- {
- // Remove previous messages
- formBlock.clearMessages();
- // Show progress
- displayLoading('Checking credentials...');
- // Stop normal behavior
- event.preventDefault();
- // AJAX call
- $.ajax(this.action, {
- type: this.method.toUpperCase(),
- data: {
- username: username,
- password: password
- },
- success: function(data)
- {
- if (data.logged)
- {
- document.location.href = 'dashboard.php';
- }
- else
- {
- formBlock.clearMessages();
- displayError(data.error || 'Invalid username/password, please try again');
- }
- },
- error: function()
- {
- formBlock.clearMessages();
- displayError('Error while contacting server, please try again');
- }
- });
- }
- });
- /******* END OF EDIT SECTION *******/
- // Handle resizing (mostly for debugging)
- function handleLoginResize()
- {
- // Detect mode
- centered = (container.css('position') === 'absolute');
- // Set min-height for mobile layout
- if (!centered)
- {
- container.css('margin-top', '');
- }
- else
- {
- if (parseInt(container.css('margin-top'), 10) === 0)
- {
- centerForm(false);
- }
- }
- };
- // Register and first call
- $(window).bind('normalized-resize', handleLoginResize);
- handleLoginResize();
- /*
- * Center function
- * @param boolean animate whether or not to animate the position change
- * @param string|element|array any jQuery selector, DOM element or set of DOM elements which should be ignored
- * @return void
- */
- function centerForm(animate, ignore)
- {
- // If layout is centered
- if (centered)
- {
- var siblings = formBlock.siblings(),
- finalSize = formBlock.outerHeight();
- // Ignored elements
- if (ignore)
- {
- siblings = siblings.not(ignore);
- }
- // Get other elements height
- siblings.each(function(i)
- {
- finalSize += $(this).outerHeight(true);
- });
- // Setup
- container[animate ? 'animate' : 'css']({ marginTop: -Math.round(finalSize/2)+'px' });
- }
- };
- // Initial vertical adjust
- centerForm(false);
- /**
- * Function to display error messages
- * @param string message the error to display
- */
- function displayError(message)
- {
- // Show message
- var message = formBlock.message(message, {
- append: false,
- arrow: 'bottom',
- classes: ['red-gradient'],
- animate: false // We'll do animation later, we need to know the message height first
- });
- // Vertical centering (where we need the message height)
- centerForm(true, 'fast');
- // Watch for closing and show with effect
- message.bind('endfade', function(event)
- {
- // This will be called once the message has faded away and is removed
- centerForm(true, message.get(0));
- }).hide().slideDown('fast');
- }
- /**
- * Function to display loading messages
- * @param string message the message to display
- */
- function displayLoading(message)
- {
- // Show message
- var message = formBlock.message('<strong>'+message+'</strong>', {
- append: false,
- arrow: 'bottom',
- classes: ['blue-gradient', 'align-center'],
- stripes: true,
- darkStripes: false,
- closable: false,
- animate: false // We'll do animation later, we need to know the message height first
- });
- // Vertical centering (where we need the message height)
- centerForm(true, 'fast');
- // Watch for closing and show with effect
- message.bind('endfade', function(event)
- {
- // This will be called once the message has faded away and is removed
- centerForm(true, message.get(0));
- }).hide().slideDown('fast');
- }
- });
- </script>
- </body>
- </html>
Add Comment
Please, Sign In to add comment