tamaro_skaljic

login.php

Jun 27th, 2021
  1. <?php
  2. // Try to retrieve a user with the given username from the database.
  3. $query = "SELECT user_id, unencrypted_password, is_admin FROM public.user WHERE username = :username";
  4. $query_params = array(':username' => $username);
  5. try{
  6.     $stmt = $pdo->prepare($query);
  7.     $result = $stmt->execute($query_params);
  8. }
  9. catch(PDOException $ex){
  10.     echo '<span style="color: red">ERROR! Code: 009</span>';
  11.     exit;
  12. }
  13. $row = $stmt->fetch();
  14.  
  15. // When no user with the given username exist, the login fails
  16. if(!$row){
  17.     $error = 1;
  18. } else {
  19.     // Else get the unencrypted database from the result set
  20.     $unencrypted_password = $row['unencrypted_password'];
  21.  
  22.     // Check that the password entered matches the one in the database.
  23.     if($password == $unencrypted_password){
  24.         // When true start a new php session (creates PHPSESSID cookie among other things)
  25.         session_start();
  26.         // Save the user id and whether the user is an administrator or not as session variables
  27.         $_SESSION['user_id'] = $row['user_id'];
  28.         $_SESSION['is_admin'] = $row['is_admin'];
  29.         // When the remember me checkbox was activated in the login form, create a session_id cookie and more
  30.         if($rememberMe) {
  31.             // Generate new session ids until a unique session id is generated
  32.             while(1){
  33.                 $possible_session_id = bin2hex(openssl_random_pseudo_bytes(16));
  34.    
  35.                 $query = "SELECT 1 FROM public.user WHERE session_id = :session_id";
  36.                 $query_params = array(':session_id' => $possible_session_id);
  37.                 try{
  38.                     $stmt = $pdo->prepare($query);
  39.                     $result = $stmt->execute($query_params);
  40.                 }catch(PDOException $ex){
  41.                     echo '<span style="color: red">ERROR! Code: 005</span>';
  42.                     exit;
  43.                 }
  44.                 $row = $stmt->fetch();
  45.    
  46.                 // When no row was found with this session id
  47.                 if(empty($row)){
  48.                     // The session id is unique and the script must no longer generate new session ids
  49.                     $session_id = $possible_session_id;
  50.                     break;
  51.                 }
  52.             }
  53.    
  54.             // Set the session id of the logged in user to the generated session id
  55.             $query = "UPDATE public.user SET session_id = :session_id WHERE user_id = :user_id";
  56.             $query_params = array(':session_id' => $session_id, ':user_id' => $_SESSION['user_id']);
  57.             try{
  58.                 $stmt = $pdo->prepare($query);
  59.                 $result = $stmt->execute($query_params);
  60.             }catch(PDOException $ex){
  61.                 echo '<span style="color: red">ERROR! Code: 006</span>';
  62.                 exit;
  63.             }
  64.    
  65.             // Set the new session id as session variable and as value of the session cookie
  66.             setcookie("session_id", $session_id, time()+259200, "/chat/");
  67.         }
  68.     } else {
  69.         // When the passwords don't match, the login fails
  70.         $error = 1;
  71.     }
  72. }
  73. ?>