
Login.pjp

  1. <?php
  2.  
  3.  
  4. include 'db.php';
  5. include 'dbc.php';
  6.  
  7. $result = mysqli_query($con, "SELECT * FROM `settings`");
  8.  
  9. $settings = mysqli_fetch_array($result);
  10.  
  11.  
  12.  
  13. if ($_POST['doLogin']=='Login')
  14. {
  15.  
  16.  
  17. $user_name = $_POST['username'];
  18. $pass = $_POST['password'];
  19.  
  20. $sql = "SELECT `id`,`pwd`,`user_name`,`approved`,`user_level` FROM users WHERE user_name='$user_name' AND `banned` = '0'";
  21.  
  22. $result = mysqli_query($con, $sql);
  23.  
  24. $num = mysqli_num_rows($result);
  25.  
  26. // Match row found with more than 1 results - the user is authenticated.
  27. if ( $num > 0 ) {
  28.  
  29. list($id,$pwd,$user_name,$approved,$user_level) = mysqli_fetch_row($result);
  30.  
  31. if(!$approved) {
  32. $msg = "Account not activated. Please check your email for activation code";
  33. }
  34.  
  35. //check against salt
  36. if ($pwd === PwdHash($pass,substr($pwd,0,9))) {
  37. if(empty($msg)){
  38.  
  39. // this sets session and logs user in
  40. session_start();
  41. session_regenerate_id (true); //prevent against session fixation attacks.
  42.  
  43. // this sets variables in the session
  44. $_SESSION['user_id']= $id;
  45. $_SESSION['user_name'] = $user_name;
  46. $_SESSION['user_level'] = $user_level;
  47. $_SESSION['HTTP_USER_AGENT'] = md5($_SERVER['HTTP_USER_AGENT']);
  48.  
  49. //update the timestamp and key for cookie
  50. $stamp = time();
  51. $ckey = GenKey();
  52. $sql = "update users set `ctime`='$stamp', `ckey` = '$ckey' where id='$id'";
  53. mysqli_query($con, $sql);
  54.  
  55. //set a cookie
  56.  
  57. if(isset($_POST['remember'])){
  58. setcookie("user_id", $_SESSION['user_id'], time()+60*60*24*COOKIE_TIME_OUT, "/");
  59. setcookie("user_key", sha1($ckey), time()+60*60*24*COOKIE_TIME_OUT, "/");
  60. setcookie("user_name",$_SESSION['user_name'], time()+60*60*24*COOKIE_TIME_OUT, "/");
  61. }
  62. header("Location: index.php");
  63.  
  64. }
  65. }
  66. else
  67. {
  68. $msg = "Invalid Login. Please try again with correct user email and password. ";
  69.  
  70. }
  71. } else {
  72. $msg = "Invalid login. No such user exists";
  73. }
  74. }
  75.  
  76. ?>
  77.  
  78. <html><head>
  79. <meta charset="utf-8">
  80. <title><?php echo $settings['title']; ?> - Sign In</title>
  81. <meta name="keywords" content="">
  82. <meta name="description" content="">
  83. <meta name="author" content="">
  84. <meta name="viewport" content="width=device-width, initial-scale=1.0">
  85. <link rel="stylesheet" type="text/css" href="http://fonts.googleapis.com/css?family=Open+Sans:300,400,600,700,800">
  86. <link rel="stylesheet" type="text/css" href="http://fonts.googleapis.com/css?family=Roboto:400,500,700,300">
  87. <link rel="stylesheet" type="text/css" href="assets/skin/default_skin/css/theme.css">
  88. <link rel="stylesheet" type="text/css" href="assets/admin-tools/admin-forms/css/admin-forms.css">
  89. <link rel="shortcut icon" href="assets/img/favicon.ico">
  90. <style type="text/css"></style><style type="text/css"></style></head>
  91.  
  92. <body class="external-page sb-l-c sb-r-c onload-check">
  93.  
  94. <div id="main" class="animated fadeIn">
  95.  
  96. <section id="content_wrapper">
  97.  
  98. <div id="canvas-wrapper" style="height: 464px;">
  99. <canvas id="demo-canvas" width="1366" height="464"></canvas>
  100. </div>
  101.  
  102. <section id="content">
  103.  
  104. <div class="admin-form theme-info" id="login1">
  105.  
  106. <div class="row mb15 table-layout">
  107.  
  108. <div class="col-xs-6 va-m pln">
  109. <a> </a>
  110. </div>
  111.  
  112. <div class="col-xs-6 text-right va-b pr5">
  113. <div class="login-links">
  114. <a href="login.php" class="active" title="Sign In">Sign In</a>
  115. <span class="text-white"> | </span>
  116. <a href="register.php" class="" title="Register">Register</a>
  117. </div>
  118.  
  119. </div>
  120.  
  121. </div>
  122.  
  123. <div class="panel panel-info mt10 br-n">
  124.  
  125. <div class="panel-heading heading-border bg-white">
  126. <?php
  127.  
  128. if(!empty($msg)){
  129.  
  130. echo "<div class=\"alert .alert-micro alert-danger alert-dismissable\">
  131. <button type=\"button\" class=\"close\" data-dismiss=\"alert\" aria-hidden=\"true\">×</button>
  132. <i class=\"fa fa-remove pr10\"></i>
  133. <strong>Error!</strong> $msg</div>";
  134.  
  135. }
  136.  
  137. ?>
  138.  
  139. </div>
  140.  
  141. <form action="login.php" method="post">
  142. <div class="panel-body bg-light p30">
  143. <div class="section-divider mt10 mb40">
  144. <span>Sign In</span>
  145. </div>
  146. <div class="row">
  147. <div class="col-sm-12 pr30">
  148. <div class="section">
  149.  
  150. <input type="text" name="username" id="username" class="gui-input" placeholder="Enter username">
  151.  
  152. </div>
  153. <div class="section">
  154.  
  155. <input type="password" name="password" id="password" class="gui-input" placeholder="Enter password">
  156.  
  157. </div>
  158.  
  159.  
  160. </div>
  161.  
  162. </div>
  163. </div>
  164.  
  165. <div class="panel-footer clearfix p10 ph15">
  166. <input type="submit" class="button btn-primary mr10 pull-right" name="doLogin" value="Login">
  167. <label class="switch block switch-primary pull-left input-align mt10">
  168. <input type="checkbox" name="remember" id="remember" checked>
  169. <label for="remember" data-on="YES" data-off="NO"></label>
  170. <span>Remember me</span>
  171. </label>
  172. </div>
  173. </form>
  174. </div>
  175. </div>
  176.  
  177. </section>
  178.  
  179. </section>
  180.  
  181. </div>
  182.  
  183.  
  184.  
  185. <div class="jvectormap-label"></div><div class="jvectormap-label"></div></body></html>