  1. <?php
  2. session_start();
  3. //ASSIGNING USER AND PASS VARIABLES FROM THE POST LOGIN FORM
  4. $user=$_POST['email'];
  5. $pass=$_POST['password'];
  6. //ASSIGNING THE INDEX PAGE STORED IN THE SESSION VARIABLE
  7. $index=$_SESSION['index'];
  8. //CONVERTING THE USERNAME TO ALL LOWERCASE
  9. $user=strtolower($user);
  10. $counter=1;
  11. //IF THE USERNAME IS BLANK THEN SEND THE USER BACK TO THE INDEX PAGE WITH AN ERROR
  12. if (!isset($user)){
  13. unset($_SESSION['login']);
  14. $_SESSION['lerror'] = 2;
  15. if(!isset($_SESSION['login'])){
  16. header("Location: ".$index);
  17. }
  18. }else{
  19. //SQL SETTINGS VARIABLES
  20. include('/var/www/includes/sqlconfig.php');
  21. try{
  22. $DB->query("SELECT * FROM `$Refunds_Database_Name`.`accounts` WHERE `username` = :user LIMIT 1");
  23. $DB->bind(':user',$user);
  24. $result = $DB->single_ASSOC();
  25. //IF THE USER NAME IS FOUND IN DATABSE
  26. if($result){
  27. $userfound = 1;
  28.  
  29. $userid = $result['id'];
  30. $userpass = $result['password'];
  31. $useremail = $result['email'];
  32. $department = $result['department'];
  33. $role = $result['role'];
  34. $firstname = $result['first'];
  35. $lastname = $result['last'];
  36. $level = $result['level'];
  37.  
  38. $hashpass = hash('sha256',$pass.$user);
  39. if ($userpass === $hashpass){
  40. $passmatch = 1;
  41. }
  42. //IF THE USER NAME IS NOT FOUND IN DATABASE
  43. }else{
  44. $userfound=0;
  45. }
  46. }
  47. catch(PDOException $e){
  48. $_SESSION['lerror'] = "<br>" . $e->getMessage();
  49. die($_SESSION['lerror']);
  50. }
  51. //IF USER NAME AND PASSWORD MATCH
  52. if ($userfound == 1 && $passmatch == 1){
  53. //ASSIGNS SESSION VARIABLES IF AUTHENTICATION IS COMPLETED
  54. $_SESSION['user_fullname'] = $firstname." ".$lastname;
  55. $_SESSION['user_firstname'] = $firstname;
  56. $_SESSION['user_lastname'] = $lastname;
  57. $_SESSION['username'] = $user;
  58. $_SESSION['userid'] = $userid;
  59. $_SESSION['role'] = $role;
  60. $_SESSION['useremail'] = $useremail;
  61. $_SESSION['login'] = true;
  62. $_SESSION['department'] = $department;
  63. $_SESSION['level'] = $level;
  64. $_SESSION['RIP'] = $_SERVER['REMOTE_ADDR'];
  65. if(isset($_SERVER['REMOTE_HOST'])){ $_SESSION['RHOST'] = $_SERVER['REMOTE_HOST']; }
  66. else{ $_SESSION['RHOST'] = ''; }
  67. $_SESSION['RPORT'] = $_SERVER['REMOTE_PORT'];
  68. if(isset($_SERVER['REMOTE_USER'])){ $_SESSION['RUSER'] = $_SERVER['REMOTE_USER']; }
  69. else{ $_SESSION['RUSER'] = ''; }
  70. $_SESSION['RAGENT'] = $_SERVER['HTTP_USER_AGENT'];
  71. //CREATES A DATE & TIME VARIABLE THAT IS FORMATTED FOR MYSQL
  72. $datetime = date_create()->format('Y-m-d H:i:s');
  73. //LOGS USERS LOGIN INTO THE DATABASE
  74. $DB->query("INSERT INTO `$Refunds_Database_Name`.`users` (`id`,`department`,`username`,`fullname`,`first`,`last`,`RIP`,`RHOST`,`RPORT`,`RUSER`,`RAGENT`,`login`,`logindatetime`,`logout`,`logoutdatetime`) VALUES (:userid,:department,:username,:user_fullname,:user_firstname,:user_lastname,:RIP,:RHOST,:RPORT,:RUSER,:RAGENT,1,:datetime,0,NULL)");
  75. $DB->bind(':userid',$_SESSION['userid']);
  76. $DB->bind(':department',$_SESSION['department']);
  77. $DB->bind(':username',$_SESSION['username']);
  78. $DB->bind(':user_fullname',$_SESSION['user_fullname']);
  79. $DB->bind(':user_firstname',$_SESSION['user_firstname']);
  80. $DB->bind(':user_lastname',$_SESSION['user_lastname']);
  81. $DB->bind(':RIP',$_SERVER['REMOTE_ADDR']);
  82. $DB->bind(':RHOST',$_SESSION['RHOST']);
  83. $DB->bind(':RPORT',$_SERVER['REMOTE_PORT']);
  84. $DB->bind(':RUSER',$_SESSION['RUSER']);
  85. $DB->bind(':RAGENT',$_SERVER['HTTP_USER_AGENT']);
  86. $DB->bind(':datetime',$datetime);
  87. $DB->execute();
  88. //UNSETS THE LOGIN ERROR SESSION VARIABLE
  89. unset($_SESSION['lerror']);
  90. //SETTING THE LOGGING USER ID SESSION VARIABLE TO THE CORRECT USER IN THE MYSQL DATABASE FOR FUTURE REFERENCE
  91. $_SESSION['logginguserid'] = $userid;
  92. //LOGS THE LOGIN INTO THE 'LOGS/.ACCESSLOGS' MASTER TEXT RECORD
  93. $logfile = 'logs/.accesslogs';
  94. //include('/var/www/html/actions/cookies.php');
  95. $cookie = '';
  96. $logentry = "[LOGIN]- ID: ".$userid." USERNAME: ".$_SESSION['username']." RIP: ".$_SESSION['RIP']." DATE/TIME: ".$datetime." USER AGENT: ".$_SESSION['RAGENT']." --COOKIE: ".$cookie."\n";
  97. if (file_exists($logfile)) {
  98. if (is_writable($logfile)) {
  99. $handle = fopen($logfile, 'a');
  100. if (fwrite($handle, $logentry) === FALSE) {
  101. exit;
  102. }
  103. } else {
  104. echo "";
  105. }
  106. }
  107. //if($logfile){ fclose($logfile); }
  108. //UNSETS ANY ERRORS THAT MAY HAVE OCCURED
  109. unset($_SESSION['lerror']);
  110. if(isset($_SESSION['login']) && !isset($_SESSION['lerror'])){ //IF LOGIN IN SESSION IS NOT SET
  111. header("Location: logon.php");
  112. }
  113. }else{
  114. //REDIRECTS USERS BACK TO THE LOGIN PAGE
  115. unset($_SESSION['login']);
  116. $_SESSION['lerror'] = 1;
  117. if(!isset($_SESSION['login'])){ //IF LOGIN IN SESSION IS NOT SET
  118. header("Location: /");
  119. }
  120. }
  121. }
  122. ?>