Untitled

<?php

if (!isset($_POST['remember']) && isset($_POST['user'])) {
    if (isset($_COOKIE['remember_me'])) {
        $past = time() - 100;
        setcookie('remember_me', gone, $past);
    }
}
  require_once 'header.php';

  error_reporting(0);

  if (isset($_POST['user'])) {
      $user = $_POST['user'];
      $pass = $_POST['pass'];
      $hide = sanitizeString($_POST['hide']);
      $userIp = $_SERVER['REMOTE_ADDR'];
      $now = date('r');


      if ($user === "" || $pass === "" || $hide != "") {
          $error = "<div class='alert alert-danger text-center animated shake'>Not all fields were entered</div>";
      } elseif (!preg_match('~^[a-z0-9_.-]+$~i', $user)) {
          $error = "<div class='alert alert-danger text-center animated shake'>Usernames must be all lowercase. They can only contain letters, numbers, periods, hyphens, and underscores</div>";
      } else {
          $stmt = $con->prepare("SELECT pass, user FROM members WHERE user= (?) LIMIT 1");
          $stmt->bind_param('s', $user);

          $stmt->execute();

          $result = $stmt->get_result();
          $num    = $result->num_rows;
          $row    = $result->fetch_array(MYSQLI_ASSOC);

          if (password_verify($pass, $row['pass']) && $row['user'] == $user) {
              $stmt = $con->prepare("UPDATE `members` SET `logins`=logins + 1 WHERE user= (?)");
              $stmt->bind_param('s', $user);

              $stmt->execute();

              $result = $stmt->get_result();

              $_SESSION['user'] = $user;
              $_SESSION['canary'] = time();
              $_SESSION['HTTP_USER_AGENT'] != md5($_SERVER['HTTP_USER_AGENT']);

              $stmt = $con->prepare("SELECT logins FROM members WHERE user=(?)");
              $stmt->bind_param('s', $user);

              $stmt->execute();

              $result = $stmt->get_result();
              $num    = $result->num_rows;
              $row = $result->fetch_array(MYSQLI_ASSOC);

              if ($row['logins'] == 1) {
                  queryMysql("INSERT INTO leave_type (user, hours, leave_start, leave_end, leave_reason, leave_type)
                    VALUES ('$user', '24.00', '2016-01-08T06:30:00', '2016-01-09T06:30:00', 'Example Leave', 'Annual')
                  ");
                  die("<br><br><script>setTimeout(function () {
                              window.location.href='FullscreenForm.php'; // the redirect goes here
                            }, 100); // 5 seconds</script>
                  <div class='alert alert-info text-center animated bounceInDown'>Hi. Since this is your first time logging in Please go to the <a href='FullscreenForm.php'>" .
                  "Edit Profile</a> page and input your information so the app will work correctly. Or just wait and you'll be redirected</div>");
              } else {
                  die("<br><br><script>setTimeout(function () {
                              window.location.href='members.php?view=$user'; // the redirect goes here
                            }, 0); </script><div class='alert alert-success text-center animated bounceInDown'>You are now logged in. Please <a href='members.php?view=$user'>" .
                    "click here</a> to continue.</div>");
              }
          } else {
              //queryMysql("INSERT INTO failedlogins (user,pass,hide,ip,time)VALUES('$user', '$pass', '$hide', '$userIp','$now')");
              $stmt=$con->prepare("INSERT INTO failedlogins (user,pass,hide,ip,time)VALUES((?), (?), (?), (?), (?))");
              $stmt->bind_param('sssss', $user, $pass, $hide, $userIp, $now);
              $stmt->execute();

              $error = "<div class='alert alert-danger text-center animated shake'><span class='error'>Username/Password
                  invalid</span></div>";
          }
      }
  }

require_once 'functions.php';
error_reporting(0);
$year = time() + 31536000;

if ($_POST['remember']) {
    setcookie('remember_me', $_POST['user'], $year);
} elseif (isset($_GET['username'])) {
    setcookie('remember_me', $_GET['username'], $year);
    echo "
          <script type='text/javascript'>
          $(document).ready(function(){
              //Check if the current URL contains '#'
              if(document.URL.indexOf('#')==-1){
                  // Set the URL to whatever it was plus '#'.
                  url = document.URL+'#';
                  location = '#';

                  //Reload the page
                  location.reload(true);
              }
          });
          </script>";
}
  $params = session_get_cookie_params();
  setcookie(session_name(), $_COOKIE[session_name()], time() + 60*60*24*3, $params["path"], $params["domain"], $params["secure"], $params["httponly"]);


  session_start();

  if (!isset($_SESSION['canary'])) {
      session_regenerate_id(true);
      $_SESSION['canary'] = time();
  }
// Regenerate session ID every five minutes:
  if ($_SESSION['canary'] < time() - 300) {
     session_regenerate_id(true);
     $_SESSION['canary'] = time();
}
  //checks if user agent has changed on all page requests and logs out if changed
  if (isset($_SESSION['HTTP_USER_AGENT'])) {
    if ($_SESSION['HTTP_USER_AGENT'] != md5($_SERVER['HTTP_USER_AGENT'])) {
        destroySession();
    }
  } else {
    $_SESSION['HTTP_USER_AGENT'] = md5($_SERVER['HTTP_USER_AGENT']);
 }

  $userstr = ' (Guest)';
  $phpself = htmlspecialchars($_SERVER["PHP_SELF"]);

  if (isset($_SESSION['user'])) {
      $user     = $_SESSION['user'];
      $loggedin = true;
      $userstr  = " $user";
  } else {
      $loggedin = false;
  }