Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- <?php
- //set session
- session_start();
- //generate session id
- //$sessionId = hash('whirlpool', (uniqid(microtime()) . $_SERVER['REMOTE_ADDR'] . $_SERVER['HTTP_USER_AGENT']));
- //set session id
- //$_SESSION['SESID'] = $sessionId;
- //set default session status
- //$_SESSION['SESSTATUS'] = "false";
- //Include header
- include_once ("header.php");
- echo "<title>Login</title>";
- echo "</head>";
- echo "<body>";
- //Define database connection details
- define('DB_NAME', 'test');
- define('DB_USER', 'root');
- define('DB_PASSWORD', '');
- define('DB_HOST', 'localhost');
- //Autoload classes
- function __autoload($class_name) {
- require_once "classes/$class_name.class.php";
- }
- //check for status from form
- if(isset($_POST['status'])){
- $submit = $_POST['status'];
- if($submit == 'login'){
- //start instance of class Secure
- $secure = new secure;
- //make data secure
- $inputUsername = $_POST['username'];
- $inputPassword = $_POST['password'];
- $username = $secure->sanitizeUsername($inputUsername);
- $password = $secure->sanitizePassword($inputPassword);
- //start db connection
- $dbObj = new PDOcon("mysql:host=".DB_HOST.";dbname=".DB_NAME,DB_USER, DB_PASSWORD, array(PDO::ATTR_PERSISTENT, false));
- $dbFetch = $dbObj->queryFetchAllAssoc("SELECT email, password FROM `test` WHERE `email` = '".$username."' AND `password` = '".$password."'");
- //count number of elements fetched from databse. If 1 then password/username is correct.
- $count = count($dbFetch);
- if($count == '1'){
- //extra check for password
- if($password == $dbFetch[0]['password']){
- //extra check for username
- if($username == $dbFetch[0]['email']){
- //set sessionstatus to true to indicated that login was succeeded
- $_SESSION['SESSTATUS'] = "true";
- //generate session id
- $sessionId = hash('whirlpool', (uniqid(microtime()) . $_SERVER['REMOTE_ADDR'] . $_SERVER['HTTP_USER_AGENT']));
- //set session id
- $_SESSION['SESID'] = $sessionId;
- //congratulate user with login
- echo "Gefeliciteerd ".$username.", u bent succesvol ingelogd.<br>";
- //set sessionid in cookie
- setcookie("LoginCookie", $sessionId, time()+3600, "/", ".127.0.0.1", 0,0);
- echo "<b><a href=\"logincheck.php\" target=\"_self\">Check login</a></b> <br>";
- }
- //if usercheck fails
- else{
- echo "De gebruikersnaam of het wachtwoord is onjuist.<br>";
- echo "<b><a href=\"index.php\" target=\"_self\">Opnieuw inloggen</a></b> <br>";
- }
- }
- //if passwordcheck fails
- else{
- echo "De gebruikersnaam of het wachtwoord is onjuist.<br>";
- echo "<b><a href=\"index.php\" target=\"_self\">Opnieuw inloggen</a></b> <br>";
- }
- }
- //if logincheck in db fails
- else{
- echo "De gebruikersnaam of het wachtwoord is onjuist.<br>";
- echo "<b><a href=\"index.php\" target=\"_self\">Opnieuw inloggen</a></b> <br>";
- }
- }
- //if status from form is logout, log user out
- elseif($submit == 'logout'){
- $_SESSION['SESSTATUS'] = "false";
- echo "U bent uitgelogd<br>";
- echo "<b><a href=\"index.php\" target=\"_self\">Log hier in opnieuw in.</a></b> <br>";
- }
- else{
- echo "U bent niet ingelogd<br>";
- echo "<b><a href=\"index.php\" target=\"_self\">Log hier in.</a></b> <br>";
- }
- }
- //if no _POST status, check for session
- else{
- if(isset($_SESSION['SESID'])){
- if ($_SESSION['SESSTATUS'] == "true") {
- echo "U bent ingelogd.";
- echo "<form action=\"login.php\" method=\"post\">";
- echo "<INPUT TYPE=\"hidden\" NAME=\"status\" VALUE=\"logout\">";
- echo "<input type=\"submit\" value=\"Logout\" />";
- echo "</form>";
- }
- else{
- echo"U bent niet ingelogd<br>";
- echo "<b><a href=\"index.php\" target=\"_self\">Log hier in.</a></b> <br>";
- }
- }
- else{
- echo"U bent niet ingelogd<br>";
- echo "<b><a href=\"index.php\" target=\"_self\">Log hier in.</a></b> <br>";
- }
- }
- //manual check into session
- print_r($_SESSION);
- //include footer
- include_once("footer.php");
- ?>
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
