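<?php
// Login handler: checks the posted e-mail/password against the accounts
// table, populates the session on success, records the login in the users
// table and in the flat access log, then redirects.
session_start();

// Credentials from the POST login form. Missing or non-string fields (for
// example email[]=x) become '' so they take the "blank" / "no match" paths
// instead of raising notices or being concatenated as "Array".
$user = (isset($_POST['email']) && is_string($_POST['email'])) ? strtolower($_POST['email']) : '';
$pass = (isset($_POST['password']) && is_string($_POST['password'])) ? $_POST['password'] : '';

// Index page remembered in the session; fall back to the site root so the
// redirect below never sends an empty Location header.
$index = isset($_SESSION['index']) ? $_SESSION['index'] : '/';

// Both flags start at 0 so the comparison further down never reads an
// undefined variable when the lookup finds nothing or the password is wrong.
$userfound = 0;
$passmatch = 0;

// Blank username: back to the index page with error code 2. The original
// test was !isset($user), which can never be true once $user is assigned.
if ($user === '') {
    unset($_SESSION['login']);
    $_SESSION['lerror'] = 2;
    header("Location: " . $index);
    exit; // stop here; header() alone does not end the script
} else {
    // SQL settings; presumably defines $DB and $Refunds_Database_Name, which
    // are used below and not defined anywhere else in this script.
    include('/var/www/includes/sqlconfig.php');
    try {
        $DB->query("SELECT * FROM `$Refunds_Database_Name`.`accounts` WHERE `username` = :user LIMIT 1");
        $DB->bind(':user', $user);
        $result = $DB->single_ASSOC();
        if ($result) {
            // Username exists: copy the account fields needed for the session.
            $userfound = 1;
            $userid = $result['id'];
            $userpass = $result['password'];
            $useremail = $result['email'];
            $department = $result['department'];
            $role = $result['role'];
            $firstname = $result['first'];
            $lastname = $result['last'];
            $level = $result['level'];
            // NOTE(review): a single SHA-256 pass with the username as salt is
            // a fast hash and cheap to brute-force if the accounts table leaks.
            // The scheme is kept because the stored values depend on it; plan a
            // migration to password_hash()/password_verify() with a rehash on
            // the next successful login.
            $hashpass = hash('sha256', $pass . $user);
            // hash_equals() compares in constant time, so the response time
            // does not reveal how many leading characters of the hash matched.
            if (is_string($userpass) && hash_equals($userpass, $hashpass)) {
                $passmatch = 1;
            }
        }
    } catch (PDOException $e) {
        // Driver messages can expose schema and connection details: keep them
        // in the server log and give the client a generic message only.
        error_log('Login lookup failed: ' . $e->getMessage());
        $_SESSION['lerror'] = "<br>Login is temporarily unavailable.";
        die($_SESSION['lerror']);
    }

    if ($userfound == 1 && $passmatch == 1) {
        // Issue a fresh session id at the privilege change so an id that was
        // planted or observed before login is not carried into the
        // authenticated session (session fixation).
        session_regenerate_id(true);

        // Request metadata. REMOTE_HOST, REMOTE_USER, REMOTE_PORT and the
        // User-Agent header are not guaranteed to be present.
        $remoteaddr = $_SERVER['REMOTE_ADDR'];
        $remoteport = isset($_SERVER['REMOTE_PORT']) ? $_SERVER['REMOTE_PORT'] : '';
        $remotehost = isset($_SERVER['REMOTE_HOST']) ? $_SERVER['REMOTE_HOST'] : '';
        $remoteuser = isset($_SERVER['REMOTE_USER']) ? $_SERVER['REMOTE_USER'] : '';
        $useragent = isset($_SERVER['HTTP_USER_AGENT']) ? $_SERVER['HTTP_USER_AGENT'] : '';

        // Session variables assigned once authentication has succeeded.
        $_SESSION['user_fullname'] = $firstname . " " . $lastname;
        $_SESSION['user_firstname'] = $firstname;
        $_SESSION['user_lastname'] = $lastname;
        $_SESSION['username'] = $user;
        $_SESSION['userid'] = $userid;
        $_SESSION['role'] = $role;
        $_SESSION['useremail'] = $useremail;
        $_SESSION['login'] = true;
        $_SESSION['department'] = $department;
        $_SESSION['level'] = $level;
        $_SESSION['RIP'] = $remoteaddr;
        $_SESSION['RHOST'] = $remotehost;
        $_SESSION['RPORT'] = $remoteport;
        $_SESSION['RUSER'] = $remoteuser;
        $_SESSION['RAGENT'] = $useragent;

        // Timestamp formatted for MySQL.
        $datetime = date_create()->format('Y-m-d H:i:s');

        // Record the login in the users table.
        // NOTE(review): this INSERT sits outside the try/catch above, so a
        // PDOException here is uncaught; confirm display_errors is off in
        // production and decide whether a failed audit write should abort
        // the login.
        $DB->query("INSERT INTO `$Refunds_Database_Name`.`users` (`id`,`department`,`username`,`fullname`,`first`,`last`,`RIP`,`RHOST`,`RPORT`,`RUSER`,`RAGENT`,`login`,`logindatetime`,`logout`,`logoutdatetime`) VALUES (:userid,:department,:username,:user_fullname,:user_firstname,:user_lastname,:RIP,:RHOST,:RPORT,:RUSER,:RAGENT,1,:datetime,0,NULL)");
        $DB->bind(':userid', $_SESSION['userid']);
        $DB->bind(':department', $_SESSION['department']);
        $DB->bind(':username', $_SESSION['username']);
        $DB->bind(':user_fullname', $_SESSION['user_fullname']);
        $DB->bind(':user_firstname', $_SESSION['user_firstname']);
        $DB->bind(':user_lastname', $_SESSION['user_lastname']);
        $DB->bind(':RIP', $remoteaddr);
        $DB->bind(':RHOST', $remotehost);
        $DB->bind(':RPORT', $remoteport);
        $DB->bind(':RUSER', $remoteuser);
        $DB->bind(':RAGENT', $useragent);
        $DB->bind(':datetime', $datetime);
        $DB->execute();

        // Clear any login error left over from an earlier attempt.
        unset($_SESSION['lerror']);
        // Remember which account row this session is logging for.
        $_SESSION['logginguserid'] = $userid;

        // Append the login to the flat access log.
        // NOTE(review): the path is relative; if it resolves under the
        // document root, confirm the web server denies direct requests to it.
        $logfile = 'logs/.accesslogs';
        //include('/var/www/html/actions/cookies.php');
        $cookie = '';
        // The username and User-Agent are client-influenced. Control
        // characters are replaced so a request cannot inject line breaks and
        // forge additional log entries.
        $logusername = preg_replace('/[\x00-\x1F\x7F]/', ' ', (string) $_SESSION['username']);
        $logagent = preg_replace('/[\x00-\x1F\x7F]/', ' ', (string) $useragent);
        $logentry = "[LOGIN]- ID: " . $userid . " USERNAME: " . $logusername . " RIP: " . $remoteaddr . " DATE/TIME: " . $datetime . " USER AGENT: " . $logagent . " --COOKIE: " . $cookie . "\n";
        if (file_exists($logfile) && is_writable($logfile)) {
            $handle = fopen($logfile, 'a');
            if ($handle !== false) {
                $written = fwrite($handle, $logentry);
                fclose($handle); // the original never released the handle
                if ($written === false) {
                    exit;
                }
            }
        }

        header("Location: logon.php");
        exit;
    } else {
        // Unknown user and wrong password share this path and error code, so
        // the response does not reveal which of the two failed.
        unset($_SESSION['login']);
        $_SESSION['lerror'] = 1;
        header("Location: /");
        exit;
    }
}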