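<?php
// Drop a stale "remember me" cookie when the login form is submitted with the
// remember box unticked (an unticked checkbox is simply absent from $_POST).
if (!isset($_POST['remember']) && isset($_POST['user'])) {
    if (isset($_COOKIE['remember_me'])) {
        // Expire the cookie: empty value plus a timestamp in the past.
        // The original passed the bare word `gone` as the value, an undefined
        // constant (a fatal Error on PHP 8).
        $past = time() - 100;
        setcookie('remember_me', '', $past);
    }
}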
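require_once 'header.php';
// NOTE(review): error reporting is silenced for the whole request. The
// warnings it hid in this block (null $row, missing POST keys) are now handled
// explicitly; the call is kept because code elsewhere may rely on it.
error_reporting(0);

// Login handler: runs only when the login form was posted.
// Relies on $con (mysqli), sanitizeString() and an already-started session,
// presumably all provided by header.php — confirm against that file.
if (isset($_POST['user'])) {
    $user = $_POST['user'];
    $pass = $_POST['pass'] ?? '';
    $hide = sanitizeString($_POST['hide'] ?? '');
    $userIp = $_SERVER['REMOTE_ADDR'];
    $now = date('r');

    if ($user === '' || $pass === '' || $hide !== '') {
        // $hide is a honeypot field: anything filling it in is rejected.
        $error = "<div class='alert alert-danger text-center animated shake'>Not all fields were entered</div>";
    } elseif (!preg_match('~^[a-z0-9_.-]+$~i', $user)) {
        // The pattern is case-insensitive; it is the strict comparison against
        // the stored username below that rejects differently-cased input.
        $error = "<div class='alert alert-danger text-center animated shake'>Usernames must be all lowercase. They can only contain letters, numbers, periods, hyphens, and underscores</div>";
    } else {
        $stmt = $con->prepare("SELECT pass, user FROM members WHERE user= (?) LIMIT 1");
        $stmt->bind_param('s', $user);
        $stmt->execute();
        $row = $stmt->get_result()->fetch_array(MYSQLI_ASSOC);

        // fetch_array() yields null for an unknown user; the original fed that
        // null straight into password_verify().
        // NOTE(review): an unknown user skips the hash check, so the response
        // is faster than for a wrong password — a username-enumeration signal
        // if that matters for this deployment.
        $authenticated = $row !== null
            && password_verify($pass, $row['pass'])
            && $row['user'] === $user;

        if ($authenticated) {
            $stmt = $con->prepare("UPDATE `members` SET `logins`=logins + 1 WHERE user= (?)");
            $stmt->bind_param('s', $user);
            $stmt->execute();

            $_SESSION['user'] = $user;
            $_SESSION['canary'] = time();
            // Bind the session to the browser's User-Agent; the per-request
            // check compares against this value. The original wrote `!=` here,
            // which compared instead of assigning and left the value unset.
            $_SESSION['HTTP_USER_AGENT'] = md5($_SERVER['HTTP_USER_AGENT'] ?? '');

            $stmt = $con->prepare("SELECT logins FROM members WHERE user=(?)");
            $stmt->bind_param('s', $user);
            $stmt->execute();
            $row = $stmt->get_result()->fetch_array(MYSQLI_ASSOC);

            // $user already matched the [a-z0-9_.-] pattern, so escaping is
            // defence in depth and leaves the rendered output unchanged.
            $safeUser = htmlspecialchars($user, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');

            if ($row !== null && (int) $row['logins'] === 1) {
                // First login: seed an example leave record. Bound parameters
                // replace the interpolated queryMysql() call of the original.
                $hours = '24.00';
                $leaveStart = '2016-01-08T06:30:00';
                $leaveEnd = '2016-01-09T06:30:00';
                $leaveReason = 'Example Leave';
                $leaveType = 'Annual';
                $stmt = $con->prepare(
                    "INSERT INTO leave_type (user, hours, leave_start, leave_end, leave_reason, leave_type)
                    VALUES ((?), (?), (?), (?), (?), (?))"
                );
                $stmt->bind_param('ssssss', $user, $hours, $leaveStart, $leaveEnd, $leaveReason, $leaveType);
                $stmt->execute();

                die("<br><br><script>setTimeout(function () {
window.location.href='FullscreenForm.php'; // the redirect goes here
}, 100); // 5 seconds</script>
<div class='alert alert-info text-center animated bounceInDown'>Hi. Since this is your first time logging in Please go to the <a href='FullscreenForm.php'>" .
"Edit Profile</a> page and input your information so the app will work correctly. Or just wait and you'll be redirected</div>");
            }

            die("<br><br><script>setTimeout(function () {
window.location.href='members.php?view=$safeUser'; // the redirect goes here
}, 0); </script><div class='alert alert-success text-center animated bounceInDown'>You are now logged in. Please <a href='members.php?view=$safeUser'>" .
"click here</a> to continue.</div>");
        }

        // Record the failed attempt. The submitted password is deliberately not
        // persisted: a failed attempt is often a near-miss of the real
        // credential, so storing it in plaintext would leak secrets. The column
        // is still written (empty) so the table schema is unchanged.
        $redactedPass = '';
        $stmt = $con->prepare("INSERT INTO failedlogins (user,pass,hide,ip,time)VALUES((?), (?), (?), (?), (?))");
        $stmt->bind_param('sssss', $user, $redactedPass, $hide, $userIp, $now);
        $stmt->execute();
        $error = "<div class='alert alert-danger text-center animated shake'><span class='error'>Username/Password
invalid</span></div>";
    }
}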
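require_once 'functions.php';
error_reporting(0);

// "Remember me": keep the username in a one-year cookie, taken either from the
// login form or from a ?username= link. Only a value in the same shape the
// login form accepts is stored; the original wrote the raw request value.
$year = time() + 31536000;
$usernamePattern = '~^[a-z0-9_.-]+$~i';
if (!empty($_POST['remember'])) {
    if (isset($_POST['user']) && is_string($_POST['user']) && preg_match($usernamePattern, $_POST['user'])) {
        setcookie('remember_me', $_POST['user'], $year);
    }
} elseif (isset($_GET['username'])) {
    if (is_string($_GET['username']) && preg_match($usernamePattern, $_GET['username'])) {
        setcookie('remember_me', $_GET['username'], $year);
    }
    // Force a one-off reload so the form picks up the new cookie.
    // NOTE(review): this echo emits output before the session_start() further
    // down; unless header.php already started the session, no session cookie
    // can be sent after this point — confirm.
    echo "
<script type='text/javascript'>
$(document).ready(function(){
//Check if the current URL contains '#'
if(document.URL.indexOf('#')==-1){
// Set the URL to whatever it was plus '#'.
url = document.URL+'#';
location = '#';
//Reload the page
location.reload(true);
}
});
</script>";
}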
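// Extend the session cookie to three days on every request, re-sending it with
// the attributes the session is configured with. The original read
// $_COOKIE[session_name()] unconditionally, which on a first visit passed null
// and so deleted the cookie instead.
$params = session_get_cookie_params();
if (isset($_COOKIE[session_name()])) {
    setcookie(session_name(), $_COOKIE[session_name()], time() + 60*60*24*3, $params["path"], $params["domain"], $params["secure"], $params["httponly"]);
}
// header.php may already have started the session (the login handler above
// writes $_SESSION); starting twice only raises a suppressed notice, but skip it.
if (session_status() !== PHP_SESSION_ACTIVE) {
    session_start();
}
// A session without a canary is new: give it a fresh id so an id chosen before
// login (session fixation) is never kept.
if (!isset($_SESSION['canary'])) {
    session_regenerate_id(true);
    $_SESSION['canary'] = time();
}
// Regenerate session ID every five minutes:
if ($_SESSION['canary'] < time() - 300) {
    session_regenerate_id(true);
    $_SESSION['canary'] = time();
}
// Bind the session to the User-Agent and log out if it changes. Strict
// comparison matters here: under `!=` two hex digests that both look like
// "0e..." compare as equal numeric strings.
$agentHash = md5($_SERVER['HTTP_USER_AGENT'] ?? '');
if (isset($_SESSION['HTTP_USER_AGENT'])) {
    if ($_SESSION['HTTP_USER_AGENT'] !== $agentHash) {
        destroySession();
    }
} else {
    $_SESSION['HTTP_USER_AGENT'] = $agentHash;
}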
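// Display-name and login-state variables for the page header.
$userstr = ' (Guest)';
// PHP_SELF can carry attacker-supplied PATH_INFO; escape quotes explicitly so
// the value is safe inside attribute values as well as element content.
$phpself = htmlspecialchars($_SERVER["PHP_SELF"], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
$loggedin = isset($_SESSION['user']);
if ($loggedin) {
    // The stored username was validated against [a-z0-9_.-] at login.
    $user = $_SESSION['user'];
    $userstr = " $user";
}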