
Untitled

a guest
Jan 26th, 2017
  1. <?php
  2.  
  3. //echo "login.php";
  4.  
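  /**
   * Check a username/password pair against tbl_user and, on a match, populate
   * the session, record the login in the database and redirect to the admin page.
   *
   * On a mismatch the failed-attempt counter for that username is incremented
   * and a generic error message is returned, so the response does not reveal
   * whether the username exists.
   *
   * connect.php is expected to define $link (a mysqli connection). Because it is
   * pulled in with require_once inside this function, $link only exists in this
   * scope the first time the file is included during a request.
   *
   * @param string $username Submitted user name (untrusted).
   * @param string $password Submitted password (untrusted).
   * @param string $ip       Client address to store in user_ip (treated as untrusted).
   *
   * @return string|null Error message on failure; null after a successful login
   *                     if redirect_to() returns.
   */
  function logIn($username, $password, $ip) {
      require_once("connect.php");

      date_default_timezone_set('US/Eastern');

      $message = "Username or password was incorrect. Please try again.";

      // Reject non-scalar input (e.g. arrays from a crafted form post) before it
      // reaches the database layer.
      if (!is_scalar($username) || !is_scalar($password)) {
          return $message;
      }
      $username = (string) $username;
      $password = (string) $password;

      // Every value is sent as a bound parameter; nothing caller-supplied is
      // spliced into SQL text. Returns the executed statement, or false on failure.
      $run = static function ($link, $sql, $types, ...$params) {
          $stmt = mysqli_prepare($link, $sql);
          if ($stmt === false) {
              return false;
          }
          mysqli_stmt_bind_param($stmt, $types, ...$params);
          if (!mysqli_stmt_execute($stmt)) {
              mysqli_stmt_close($stmt);
              return false;
          }
          return $stmt;
      };

      // Runs a single-row SELECT and returns the row as an associative array,
      // or null when nothing matched or the query failed (fail closed).
      $fetchRow = static function ($link, $sql, $types, ...$params) use ($run) {
          $stmt = $run($link, $sql, $types, ...$params);
          if ($stmt === false) {
              return null;
          }
          $result = mysqli_stmt_get_result($stmt);
          $row = ($result !== false) ? mysqli_fetch_array($result, MYSQLI_ASSOC) : null;
          mysqli_stmt_close($stmt);
          return $row ?: null;
      };

      // NOTE(review): the password is matched against user_pass inside SQL, so the
      // column appears to hold the value the caller passes in. Unless callers
      // already hash it, this is plaintext storage; migrate to password_hash() on
      // write and password_verify() here. The SQL comparison also follows the
      // column collation, which may be case-insensitive - confirm.
      $found_user = $fetchRow(
          $link,
          "SELECT user_id, user_name, user_fname, user_lstlgn FROM tbl_user WHERE user_name = ? AND user_pass = ?",
          'ss',
          $username,
          $password
      );

      if ($found_user !== null) {
          $id = $found_user['user_id'];

          // Issue a fresh session id on privilege change so a pre-login id cannot
          // be reused (session fixation).
          if (session_status() === PHP_SESSION_ACTIVE) {
              session_regenerate_id(true);
          }

          $_SESSION['users_creds'] = $id;
          $_SESSION['users_mylgn'] = $found_user['user_lstlgn'];
          $_SESSION['users_name'] = $found_user['user_name'];
          $_SESSION['users_fname'] = $found_user['user_fname'];

          // Record address and time of this login and reset the failure counter.
          // The original reset statement used the literal '{id}' instead of
          // '{$id}', so the counter was never cleared; $ip was also interpolated
          // unescaped.
          $currDate = date('Y-m-d H:i:s');
          $stmt = $run(
              $link,
              "UPDATE tbl_user SET user_ip = ?, user_lstlgn = ?, user_attempt = 0 WHERE user_id = ?",
              'sss',
              (string) $ip,
              $currDate,
              (string) $id
          );
          if ($stmt !== false) {
              mysqli_stmt_close($stmt);
          }

          redirect_to("admin_index.php");

          mysqli_close($link);
          return null;
      }

      // Failed login: read the current counter (absent when the username is
      // unknown), then increment it.
      $attemptRow = $fetchRow(
          $link,
          "SELECT user_attempt FROM tbl_user WHERE user_name = ?",
          's',
          $username
      );
      $failed_attempts = ($attemptRow !== null) ? (int) $attemptRow['user_attempt'] : 0;

      // NOTE(review): the counter is only reported here. Nothing in this function
      // refuses a correct password once the threshold is passed, and the original
      // built a user_expir update for this case but never executed it. Enforcing
      // the lockout needs a check before the password match plus an unlock policy.
      if ($failed_attempts > 2) {
          echo "locked";
      }

      $stmt = $run(
          $link,
          "UPDATE tbl_user SET user_attempt = user_attempt + 1 WHERE user_name = ?",
          's',
          $username
      );
      if ($stmt !== false) {
          mysqli_stmt_close($stmt);
      }

      return $message;
  }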
  82.  
  83. ?>