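// ------------------------------ //
// https://pastebin.com/996xp0kj //
// ------------------------------ //
//
// Account confirmation page.
//   GET  ?auth_token=...  -> checks that the token belongs to an unverified
//                            account and, if so, lets the page prompt for
//                            credentials.
//   POST auth=...         -> checks username/password for the account the
//                            token belongs to, marks it verified and logs in.
//
// NOTE(review): $con, $date, prepareQuery() and redir() are not defined in
// this file; presumably session.php / config.php provide them. Confirm.
require '../php/session.php';
require '../php/config.php';

// Read the token defensively: the parameter may be missing, or may arrive as
// an array (auth_token[]=x), which trim() cannot handle.
$rawToken = $_GET['auth_token'] ?? '';
$token    = is_string($rawToken) ? trim($rawToken) : '';
$invalid  = "login.php";

// Exactly 16 word characters (letters, digits, underscore). \z rejects a
// trailing newline that $ would let through. The pattern alone is the
// validation; FILTER_SANITIZE_STRING is deprecated since PHP 8.1 and added
// nothing beyond what the pattern already rejects.
$tokenValid = preg_match('/^\w{16}\z/', $token) === 1;

$unverified = 0;
$verify     = 1;

// CONFIRMATION FORM
if (isset($_POST['auth'])) {
    // The token is later concatenated into a redirect target and a cookie
    // path, and is the only thing tying this form to a pending confirmation,
    // so it has to be well-formed before anything else happens.
    if (!$tokenValid) {
        redir($invalid, ["Invalid Token"]);
        exit; // stop here even if redir() only queues the redirect
    }

    // INPUTS
    $rawUser  = $_POST['auth_username'] ?? '';
    $rawPass  = $_POST['auth_userpass'] ?? '';
    $username = is_string($rawUser) ? trim($rawUser) : '';
    $userpass = is_string($rawPass) ? $rawPass : '';

    // ERRORS ARRAY
    $errors = [];

    // Username Check
    if ($username === '') {
        $errors[] = "Empty Username";
    } elseif (preg_match('/^\w{4,16}\z/', $username) !== 1) {
        $errors[] = "Invalid Username";
        $username = "";
    }

    // Password Check
    if ($userpass === '') {
        $errors[] = "Empty Password";
    }

    // Verify Account Existence
    if ($username !== '' && $userpass !== '') {
        // The account must own the presented token and still be unverified,
        // the same condition the GET branch enforces. Without it, any valid
        // username/password pair combined with an arbitrary token would set
        // user_verified, which defeats the confirmation step.
        $sql  = "SELECT user_id,user_name,user_pass,user_type FROM users WHERE user_name = ? AND user_token = ? AND user_verified = ?";
        $stmt = prepareQuery($con, $sql, [$username, $token, $unverified]);
        $stmt->store_result();
        $num = $stmt->num_rows();

        // Check if account exists (exactly one matching row)
        if ($num === 1) {
            // Bind results to variables and read the single row
            $stmt->bind_result($userid, $uname, $userhash, $usertype);
            $stmt->fetch();
            $username = $uname;

            // Finally check the password
            if (password_verify($userpass, $userhash)) {
                $stmt->close();

                // Issue a fresh session id at the privilege change so an id
                // that was known before login is not carried into the
                // authenticated session (session fixation).
                if (session_status() === PHP_SESSION_ACTIVE) {
                    session_regenerate_id(true);
                }

                // LOGIN ACCOUNT
                $_SESSION['uID']   = $userid;
                $_SESSION['pID']   = $username;
                $_SESSION['TYPE']  = $usertype;
                $_SESSION['LOGIN'] = $date;
                $errors[] = "Successfully verified and logged in!";

                // LOG ACTIVITY
                $sql  = "UPDATE users SET user_status = ?, user_lastlogin = ?, user_verified = ? WHERE user_name = ?";
                $stmt = prepareQuery($con, $sql, [$verify, $date, $verify, $username]);
                redir("/dashboard/cpanel.php", $errors);
                // Without this, a redir() that does not terminate the script
                // would fall through to the failure message below.
                exit;
            }
        }

        // Same message for an unknown account and a wrong password, so the
        // response does not reveal which usernames exist.
        $errors[] = "Username or password does not match our records";
        $stmt->close();
        $con->close();
    }

    // CHECK FOR ERRORS
    if ($errors) {
        $mins = time() + 120;
        $path = "confirmation.php?auth_token=" . $token;
        // NOTE(review): the cookie path carries a query string and has no
        // leading slash, and no Secure/HttpOnly/SameSite attributes are set.
        // Left as is because whatever reads this cookie is outside this
        // file; confirm the consumer, then tighten the attributes.
        setcookie("username", $username, $mins, $path);
        redir($path, $errors);
        exit;
    }

// CONFIRMATION TOKEN
} elseif ($token) {
    // Check token pattern before it reaches the database
    if (!$tokenValid) {
        redir($invalid, ["Invalid Token"]);
        exit;
    }

    // Check token in Database: it must belong to a not-yet-verified account
    $sql  = "SELECT user_name, user_token, user_verified FROM users WHERE user_token = ? AND user_verified = ?";
    $stmt = prepareQuery($con, $sql, [$token, $unverified]);
    $stmt->store_result();

    // If matches, allow access; the script continues past this point
    if ($stmt->num_rows()) {
        $stmt->close();
        $con->close();
        $_SESSION['ERROR'] = ["Please enter your username and passsword"];
    } else {
        redir($invalid, ["Invalid Token"]);
        exit;
    }
} else {
    redir($invalid, ["Page Unavailable"]);
    exit;
}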