API tools faq
paste
Advertisement
tamaro_skaljic

login.php

tamaro_skaljic
Jun 27th, 2021
1,068
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
PHP 2.60 KB | None | 0 0
raw download clone embed print report
  1. <?php
  2. // Try to retrieve a user with the given username from the database.
  3. $query = "SELECT user_id, unencrypted_password, is_admin FROM public.user WHERE username = :username";
  4. $query_params = array(':username' => $username);
  5. try{
  6.     $stmt = $pdo->prepare($query);
  7.     $result = $stmt->execute($query_params);
  8. }
  9. catch(PDOException $ex){
  10.     echo '<span style="color: red">ERROR! Code: 009</span>';
  11.     exit;
  12. }
  13. $row = $stmt->fetch();
  14.  
  15. // When no user with the given username exist, the login fails
  16. if(!$row){
  17.     $error = 1;
  18. } else {
  19.     // Else get the unencrypted database from the result set
  20.     $unencrypted_password = $row['unencrypted_password'];
  21.  
  22.     // Check that the password entered matches the one in the database.
  23.     if($password == $unencrypted_password){
  24.         // When true start a new php session (creates PHPSESSID cookie among other things)
  25.         session_start();
  26.         // Save the user id and whether the user is an administrator or not as session variables
  27.         $_SESSION['user_id'] = $row['user_id'];
  28.         $_SESSION['is_admin'] = $row['is_admin'];
  29.         // When the remember me checkbox was activated in the login form, create a session_id cookie and more
  30.         if($rememberMe) {
  31.             // Generate new session ids until a unique session id is generated
  32.             while(1){
  33.                 $possible_session_id = bin2hex(openssl_random_pseudo_bytes(16));
  34.    
  35.                 $query = "SELECT 1 FROM public.user WHERE session_id = :session_id";
  36.                 $query_params = array(':session_id' => $possible_session_id);
  37.                 try{
  38.                     $stmt = $pdo->prepare($query);
  39.                     $result = $stmt->execute($query_params);
  40.                 }catch(PDOException $ex){
  41.                     echo '<span style="color: red">ERROR! Code: 005</span>';
  42.                     exit;
  43.                 }
  44.                 $row = $stmt->fetch();
  45.    
  46.                 // When no row was found with this session id
  47.                 if(empty($row)){
  48.                     // The session id is unique and the script must no longer generate new session ids
  49.                     $session_id = $possible_session_id;
  50.                     break;
  51.                 }
  52.             }
  53.    
  54.             // Set the session id of the logged in user to the generated session id
  55.             $query = "UPDATE public.user SET session_id = :session_id WHERE user_id = :user_id";
  56.             $query_params = array(':session_id' => $session_id, ':user_id' => $_SESSION['user_id']);
  57.             try{
  58.                 $stmt = $pdo->prepare($query);
  59.                 $result = $stmt->execute($query_params);
  60.             }catch(PDOException $ex){
  61.                 echo '<span style="color: red">ERROR! Code: 006</span>';
  62.                 exit;
  63.             }
  64.    
  65.             // Set the new session id as session variable and as value of the session cookie
  66.             setcookie("session_id", $session_id, time()+259200, "/chat/");
  67.         }
  68.     } else {
  69.         // When the passwords don't match, the login fails
  70.         $error = 1;
  71.     }
  72. }
  73. ?>
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
Public Pastes
Advertisement
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!