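<?php
/*
 * Login handler: checks the posted login/password against the `user` table,
 * replaces the user's row in `session` and hands the browser the session
 * cookies ("id", "token") before redirecting to index.php.
 *
 * Changes against the earlier version of this script:
 *  - every query uses bound parameters instead of values spliced into SQL;
 *  - the session identifier comes from the CSPRNG (random_bytes) rather than
 *    md5(rand() . microtime()), which an observer could narrow down;
 *  - the debug echo of the user record is gone (it leaked the record and
 *    sent output before header()/setcookie());
 *  - database errors are logged server-side, not printed to the client;
 *  - $_SERVER is no longer rewritten in place.
 * Requires PHP 7.0+ (random_bytes / random_int).
 */
require_once "connect.php";

// A login must be a plain string; "login[]=x" style posts arrive as arrays.
$rawLogin = isset($_POST['login']) ? $_POST['login'] : null;
if (!is_string($rawLogin)) {
    header("location: index.php");
    exit;
}
// A missing password is treated as empty and simply fails the check below.
$rawPasswd = (isset($_POST['haslo']) && is_string($_POST['haslo'])) ? $_POST['haslo'] : '';

// Make mysqli raise exceptions so a failed prepare/execute cannot be ignored.
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);

try {
    $link = new mysqli($host, $db_user, $db_password, $db_name);

    // The original compared the htmlentities()-encoded login with the stored
    // one, so the same encoding is kept for the bound value.
    $login = htmlentities($rawLogin, ENT_QUOTES, "UTF-8");

    // Compatibility: stored hashes were computed over the entity-encoded AND
    // SQL-escaped password, so both transforms must stay or existing accounts
    // stop verifying. The escaping is not used for SQL safety here.
    $passwd = mysqli_real_escape_string($link, htmlentities($rawPasswd, ENT_QUOTES, "UTF-8"));

    // Step 1: fetch the per-user salt.
    $salt = null;
    $stmt = $link->prepare("select salt from user where login = ?");
    $stmt->bind_param("s", $login);
    $stmt->execute();
    $stmt->bind_result($salt);
    $knownLogin = ($stmt->fetch() === true);
    $stmt->close();

    // Step 2: verify the password and load the fields stored in the session.
    $authenticated = false;
    $userId = $userType = $userName = $userSurName = null;
    if ($knownLogin) {
        // NOTE(review): one round of salted SHA-256 is a fast hash and cheap to
        // brute-force offline. Migrate to password_hash()/password_verify(),
        // re-hashing each account on its next successful login.
        $hashed_passwd = hash("sha256", $salt . $passwd);

        $stmt = $link->prepare(
            "select id_user, id_user_type, user_name, user_surname from user where login = ? and password = ?"
        );
        $stmt->bind_param("ss", $login, $hashed_passwd);
        $stmt->execute();
        $stmt->bind_result($userId, $userType, $userName, $userSurName);
        $authenticated = ($stmt->fetch() === true);
        $stmt->close();
    }

    if (!$authenticated) {
        // Same response for an unknown login and a wrong password.
        header("location: index.php");
        setcookie("login_error", "1");
        exit;
    }

    // 32 CSPRNG bytes, hex-encoded: 64 characters, the same length as the old
    // md5 . md5 identifier, so the `id` column needs no change.
    $id = bin2hex(random_bytes(32));
    // NOTE(review): the token keeps its original -1000..1000 range because the
    // column type is not visible from here; with ~2000 values it adds no real
    // protection. The session strength rests on $id alone.
    $token = (string) random_int(-1000, 1000);

    $ip = isset($_SERVER['REMOTE_ADDR']) ? $_SERVER['REMOTE_ADDR'] : '';
    // Client-controlled header: stored only through a bound parameter.
    $agent = isset($_SERVER['HTTP_USER_AGENT']) ? $_SERVER['HTTP_USER_AGENT'] : '';

    // One session per user: drop the old row before inserting the new one.
    $stmt = $link->prepare("delete from session where ID_user = ?");
    $stmt->bind_param("s", $userId);
    $stmt->execute();
    $stmt->close();

    $stmt = $link->prepare(
        "insert into session (ID_user, id_user_type, id, ip, web, imie, nazwisko, token, time) "
        . "values (?, ?, ?, ?, ?, ?, ?, ?, CURRENT_TIMESTAMP)"
    );
    $stmt->bind_param("ssssssss", $userId, $userType, $id, $ip, $agent, $userName, $userSurName, $token);
    $stmt->execute();
    $stmt->close();

    // HttpOnly keeps the session cookies away from page scripts; Secure is set
    // whenever the request itself arrived over HTTPS.
    $secure = !empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] !== 'off';
    setcookie("id", $id, 0, "", "", $secure, true);
    setcookie("token", $token, 0, "", "", $secure, true);
    header("location:index.php");
    exit;
} catch (Exception $e) {
    // Details go to the server log only; the client gets the generic message.
    error_log("login failed: " . $e->getMessage());
    http_response_code(500);
    echo "błąd podczas logowania!";
}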