
Untitled

a guest
Apr 13th, 2016
  1. <?php
  2.  
  3. if($_SERVER["HTTPS"] != "on") {
  4.  $pageURL = "www.seth0.net/alkmaar";
  5.  if ($_SERVER["SERVER_PORT"] != "80") {
  6.   $pageURL .= $_SERVER["SERVER_NAME"] . ":" . $_SERVER["SERVER_PORT"] . $_SERVER["REQUEST_URI"];
  7.  } else {
  8.   $pageURL .= $_SERVER["SERVER_NAME"] . $_SERVER["REQUEST_URI"];
  9.  }
  10.  header($pageURL);
  11. }
  12.  
  13.  
  14. // Load includes
  15. require ('dbconnect.php');
  16. require ('globals.php');
  17. require ('querys.php');
  18. $sql = new mysql();
  19. $querys = new querys($sql);
  20. $global = new globals($sql, $querys);
  21. // Store HTML Login form as a variable
  22. $loginform='
  23. <!DOCTYPE html>
  24. <html lang="en">
  25.  <head>
  26.    <meta charset="utf-8">
  27.    <meta name="viewport" content="width=device-width, initial-scale=1.0">
  28.    <title> '.$PRODUCT_HEADER.' : Login</title>
  29.    <link href="files/css/bootstrap.min.css" rel="stylesheet">
  30.    <link href="files/css/login.css" rel="stylesheet">
  31.    <link href="files/css/font-awesome.min.css" rel="stylesheet">
  32.    <!-- HTML5 shim and Respond.js IE8 support of HTML5 elements and media queries -->
  33.    <!--[if lt IE 9]>
  34.      <script src="files/js/html5shiv.js"></script>
  35.      <script src="files/js/respond.min.js"></script>
  36.    <![endif]-->
  37.  </head>
  38.  <body>';
  39. // Here we will handle some different login errors
  40. if(isset($_GET['err_disabled'])) {
  41.     $loginform .=' <div class="alert alert-danger text-center"><strong>Account Disabled.</strong> You may have used the wrong password too many times.</div>';
  42. } elseif(isset($_GET['err_failedauth'])) {
  43.     $loginform .=' <div class="alert alert-danger text-center"><strong>Oops!</strong> Login failed, please try again.</div>';
  44. } elseif(isset($_GET['err_session'])) {
  45.     $loginform .=' <div class="alert alert-danger text-center"><strong>Invalid or non-existent session.</strong> Please login.</div>';
  46. } elseif(isset($_GET['logout'])) {
  47.     $loginform .=' <div class="alert alert-success text-center"><strong>Success!</strong> You have logged out. Please login to continue working.</div>';
  48. } else {
  49.     $loginform .=' <div class="well text-center">This is a secure area, your IP Address <strong>' . $global->getIP() . '</strong> has been logged. No unauthorized access permitted.</div>';
  50. }
  51. // Continue with the login form
  52. $loginform .='    <div class="container">
  53.      <form class="form-signin" role="form" method="post" action="login.php">
  54.        <h1 class="form-signin-heading"><img src="files/logo.png" alt="Instrument Repair Portal"></h1>
  55.        <div class="form-group input-group">
  56.        <span class="input-group-addon"><i class="fa fa-user"></i></span>
  57.        <input type="text" id="username" name="username" class="form-control" placeholder="Username" required autofocus>
  58.        </div>
  59.        <div class="form-group input-group">
  60.        <span class="input-group-addon"><i class="fa fa-lock"></i></span>
  61.        <input type="password" id="password" name="password" class="form-control" placeholder="Password" required>
  62.        </div>
  63.        <button class="btn btn-lg btn-primary btn-block" type="submit">Login</button>
  64.      </form>
  65.      <div class="footer text-center">'.$PRODUCT_FOOTER.'</div>
  66.    </div>
  67.  </body>
  68. </html>
  69. ';
  70. // Get the time in a nice format for later
  71. $now = date("d-m-Y H:i:s");
  72. // Proceed with authentication if we recieved form data
  73. if ((isset($_POST['username']) && isset($_POST['password']))) {
  74.  
  75. // Get password from database and encrypt the password we recieved from POST
  76. $getpass = $sql->runQuery($querys->getPassword($username));
  77. $dbpass = $getpass['password'];
  78. $encpass = $global->rebuildEncryption($password, $dbpass);
  79. // Authenticate
  80. $numrows = $sql->runNumRowsQuery($querys->getUserDetails($username, $encpass));
  81. $dbUserDetails = $sql->runQuery($querys->getUserDetails($username, $encpass));
  82. // Check to see if login was successful
  83. if ($numrows != 0) {
  84.     // Proceed if the account is not disabled
  85.     if ($dbUserDetails['userlevel'] != 0) {
  86.         // Initialize session
  87.         session_start();
  88.         $_SESSION['id'] = session_id();
  89.         $_SESSION['userAgent'] = $global->SessEncrypt($_SERVER['HTTP_USER_AGENT']);
  90.         $_SESSION['userlevel'] = $dbUserDetails['userlevel'];
  91.         $_SESSION['userid'] = $dbUserDetails['uid'];
  92.    
  93.         // Write session information to database
  94.         $updateUserSession = $sql->updateQuery($querys->updateUserSession($_SESSION['userid'], $_SESSION['id']));
  95.         $updateUserAgent = $sql->updateQuery($querys->updateUserAgent($_SESSION['userid'], $_SESSION['userAgent']));
  96.         // Log the successful login to auth table
  97.         $sql->insertQuery($querys->insertAuthlog($dbUserDetails['uid'], 1, $global->getIP(), $now));
  98.        
  99.     // Update IP and timestamp against user account
  100.     $sql->updateQuery($querys->updateUserLastlog($dbUserDetails['uid'], $global->getIP(), $now));
  101.         // Send to joblist.php
  102.         header("Location: joblist.php");
  103.     } else {
  104.         // If the account is disabled
  105.         // Send them back to login page with disabled message
  106.         header("Location: login.php?err_disabled");
  107.     }
  108. } else {
  109.     // If authentication failed
  110.     // Make sure any existing session is destroyed
  111.     session_start();
  112.     session_unset();
  113.     session_destroy();
  114.    
  115.     // Log the failure
  116.     $sql->insertQuery($querys->insertAuthlog($dbUserDetails['uid'], 0, $global->getIP(), $now));
  117.     // Send them back to login page with failed message
  118.     header("Location: login.php?err_failedauth");
  119. }
  120. } else {
  121.     // Make sure any existing session is destroyed
  122.     session_start();
  123.     session_unset();
  124.     session_destroy();
  125.     // Send them to login as we didn't recieve POST data
  126.     echo $loginform;
  127. }
  128. ?>