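<?php
/**
 * Login handler, run when the login form posts its LOGIN submit button.
 *
 * Flow: throttle by recent failed attempts for the client IP, validate the
 * submitted name/password against the site regex patterns, look the user up,
 * compare the stored hash, then populate the session and redirect.
 *
 * Relies on names defined outside this block: $dates_array, $Viewer_IP,
 * ONLINE_THRESHOLD, USERNAME_REGEX_PATTERN, PASSWORD_REGEX_PATTERN, BASE_URL,
 * and an already open ext/mysql connection.
 *
 * NOTE(review): ext/mysql was removed in PHP 7. Values are escaped here as a
 * stop-gap; the durable fix is prepared statements via mysqli or PDO.
 */

// Always defined, so the form template can iterate it on a plain GET as well.
$login_error = array();

if (isset($_POST['LOGIN'])) {
    // Accept plain strings only: an array-valued field (Username[]=x) would
    // otherwise reach preg_match() and the SQL string as a non-string.
    $Username = (isset($_POST['Username']) && is_string($_POST['Username'])) ? $_POST['Username'] : '';
    $Password = (isset($_POST['Password']) && is_string($_POST['Password'])) ? $_POST['Password'] : '';
    $login_success = false;

    $login_attempts_threshold = $dates_array['TIMESTAMP'] - ONLINE_THRESHOLD;

    // Escape everything interpolated into SQL. $Viewer_IP is set outside this
    // block; presumably derived from the request, so it is not trusted here.
    $viewer_ip_sql = mysql_real_escape_string((string) $Viewer_IP);
    $timestamp_sql = mysql_real_escape_string((string) $dates_array['TIMESTAMP']);
    $threshold_sql = mysql_real_escape_string((string) $login_attempts_threshold);

    $get_login_attempts = mysql_query("SELECT * FROM FailedLogins WHERE IP='$viewer_ip_sql' AND Time>'$threshold_sql'");

    // Fail closed: a failed query used to compare false < 5 and skip the throttle.
    $too_many_attempts = ($get_login_attempts === false) || (mysql_num_rows($get_login_attempts) >= 5);

    if ($too_many_attempts) {
        $login_error[] = "TooManyAttempts";
    } elseif (!preg_match(USERNAME_REGEX_PATTERN, $Username)) {
        $login_error[] = "InvalidName";
    } elseif (!preg_match(PASSWORD_REGEX_PATTERN, $Password)) {
        $login_error[] = "InvalidPass";
    } else {
        // The regex check is not a substitute for escaping: the pattern is
        // defined elsewhere and may change independently of this query.
        $username_sql = mysql_real_escape_string($Username);
        $getuserdata = mysql_query("SELECT * FROM Users WHERE Username='$username_sql'");

        if ($getuserdata === false || mysql_num_rows($getuserdata) != 1) {
            // NOTE(review): distinct InvalidName / InvalidPass codes reveal
            // which usernames exist; consider one generic failure code.
            $login_error[] = "InvalidName";
        } else {
            $userdata = mysql_fetch_array($getuserdata);

            // SECURITY: chained unsalted MD5/SHA-1 is a fast hash and unsuitable
            // for password storage. Kept so existing stored hashes still verify;
            // migrate to password_hash()/password_verify(), rehashing on login.
            $expected_hash = md5(sha1(md5($Password)) . $Password);

            // Strict comparison: with == two different "0e<digits>" hex digests
            // are juggled to numbers and compare equal. Prefer hash_equals()
            // where the runtime provides it.
            if ((string) $userdata['Password'] !== $expected_hash) {
                $login_error[] = "InvalidPass";
            } elseif ($userdata['Status'] == "Pending") {
                $login_error[] = "PendingRegistration";
            } else {
                $login_success = true;

                // Issue a fresh session id on privilege change so a session id
                // known before login cannot be reused afterwards.
                // Assumes session_start() already ran in an including file.
                session_regenerate_id(true);

                $_SESSION['User_logged_in'] = true;
                $_SESSION['User_ID'] = $userdata['UserID'];
                $_SESSION['User_Type'] = $userdata['Type'];
                $_SESSION['Language'] = $userdata['Language'];
                $_SESSION['Username'] = $userdata['Username'];

                $user_id_sql = mysql_real_escape_string((string) $_SESSION['User_ID']);
                $updatelogin = mysql_query("UPDATE Users SET last_access='$timestamp_sql' WHERE UserID='$user_id_sql' LIMIT 1");
            }
        }
    }

    // NOTE(review): the script keeps running after header(); the markup that
    // follows is still emitted in the redirect response body.
    if ($login_success) {
        // TODO: switch on user type
        header(sprintf("Location: %s", BASE_URL . '/'));
    } else {
        header(sprintf("Location: %s", BASE_URL . '/login/'));

        if (in_array("TooManyAttempts", $login_error, true)) {
            // TODO: notify webmaster
        }

        // Flag submissions that contain SQL/HTML metacharacters. The original
        // test was inverted (!strpbrk) and matched ordinary, clean input.
        $controlcharlist = "\"'#%&|<>;";
        if ((strpbrk($Username, $controlcharlist) !== false) || (strpbrk($Password, $controlcharlist) !== false)) {
            // TODO: notify webmaster of a suspicious login attempt
        }

        if (!isset($_SESSION['Failed_login_count'])) {
            $_SESSION['Failed_login_count'] = 0;
        }
        $_SESSION['Failed_login_count']++;

        // Recorded for every failed attempt; this table feeds the throttle above.
        $failedlogin_query = mysql_query("INSERT INTO FailedLogins (Time, IP) VALUES ('$timestamp_sql','$viewer_ip_sql')");
        // TODO: log action
    }
}
?>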
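<?php
// Login form template. Renders the error codes collected by the login handler
// and the per-field messages for the username and password rows.
// NOTE(review): the form carries no anti-CSRF token; add one when the site
// has a token helper available.
?>
<div id="loginform">
    <form method="post" action="<?=BASE_URL?>/login/" target="_self">
        <div id="login_error_div">
            <?php
            // The handler may not have run (plain GET), so make sure the list exists.
            if (!isset($login_error) || !is_array($login_error)) {
                $login_error = array();
            }
            // TODO: fix output (raw error codes are printed as-is)
            foreach ($login_error as $error) {
                // Escaped defensively in case a code ever carries request data.
                echo htmlspecialchars($error, ENT_QUOTES, 'UTF-8') . "<br />";
            }
            ?>
        </div>
        <div class="login_row">
            <div class="login_row_text">
                <?=LOGIN_USERNAME_TITLE?>
            </div>
            <div class="login_row_input">
                <input type="text" name="Username">
            </div>
            <div class="login_row_error">
                <?php
                if (in_array("InvalidName", $login_error, true)) {
                    echo LOGIN_ERROR_USERNAME;
                }
                ?>
            </div>
        </div>
        <div class="login_row">
            <div class="login_row_text">
                <?=LOGIN_PASSWORD_TITLE?>
            </div>
            <div class="login_row_input">
                <?php // type="password" masks the field; it was rendered as plain text. ?>
                <input type="password" name="Password">
            </div>
            <div class="login_row_error">
                <?php
                // The password row must test the password code; it previously
                // tested "InvalidName" and so never showed on a bad password.
                if (in_array("InvalidPass", $login_error, true)) {
                    echo LOGIN_ERROR_PASSWORD;
                }
                ?>
            </div>
        </div>
        <input type="submit" id="Loginbutton" name="LOGIN" value="<?=LOGIN_LOGINBUTTON_TEXT?>">
    </form>
</div>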