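/**
 * Authenticate a member by e-mail and password and, on success, populate the session.
 *
 * Looks up the member row for $email, refuses the attempt when checkbrute()
 * reports true for that member, compares the submitted password with the stored
 * value, and on a match starts the session and stores user_id, username and
 * login_string in $_SESSION. A mismatch is recorded in login_attempts.
 *
 * NOTE(review): the salted hash step is disabled in this function (the original
 * carried it as a commented-out line: hash('sha512', $password . $salt)), so the
 * submitted value is compared directly with members.password and the fetched
 * salt is unused. Whether the caller pre-hashes $password cannot be seen from
 * here. Confirm this, and plan a migration to password_hash()/password_verify()
 * so that stored values are not directly usable as credentials.
 *
 * @param string $email    E-mail address identifying the member.
 * @param string $password Password value as submitted by the caller.
 * @param mysqli $mysqli   Open database connection.
 *
 * @return bool True when the credentials match and the session was populated;
 *              false for every failure (unknown e-mail, blocked account, wrong
 *              password, database error). Callers get one indistinguishable
 *              failure value, which avoids account enumeration.
 */
function login($email, $password, $mysqli)
{
    $stmt = $mysqli->prepare(
        "SELECT id, username, password, salt
         FROM members
         WHERE email = ?
         LIMIT 1"
    );
    if (!$stmt) {
        // Database errors go to the server log; they are not sent to the client.
        error_log('login: member lookup could not be prepared: ' . mysqli_error($mysqli));
        return false;
    }

    $stmt->bind_param('s', $email);
    $stmt->execute();
    $stmt->store_result();
    $stmt->bind_result($user_id, $username, $db_password, $salt);
    $stmt->fetch();
    $found = ($stmt->num_rows === 1);
    $stmt->close();

    if (!$found) {
        // No member with that e-mail (or the lookup failed).
        $dbError = mysqli_error($mysqli);
        if ($dbError !== '') {
            error_log('login: member lookup failed: ' . $dbError);
        }
        return false;
    }

    // checkbrute() is defined elsewhere; presumably it reports too many recent
    // failed attempts for this member. Verify against its definition.
    if (checkbrute($user_id, $mysqli) == true) {
        return false;
    }

    // hash_equals() (PHP 5.6+) compares in constant time and byte-for-byte. The
    // loose == used before treats numeric-looking strings such as "0e..." as
    // numbers, so two different values could compare equal.
    if (!hash_equals((string) $db_password, (string) $password)) {
        // Record the failed attempt with bound parameters instead of
        // interpolating values into the SQL text. Both values were quoted as
        // strings in the original statement, hence the 'ss' binding.
        $now = (string) time();
        $attemptUserId = (string) $user_id;
        $insert = $mysqli->prepare(
            "INSERT INTO login_attempts(user_id, time) VALUES (?, ?)"
        );
        if ($insert) {
            $insert->bind_param('ss', $attemptUserId, $now);
            if (!$insert->execute()) {
                error_log('login: failed attempt could not be recorded: ' . mysqli_error($mysqli));
            }
            $insert->close();
        } else {
            error_log('login: failed attempt could not be recorded: ' . mysqli_error($mysqli));
        }
        return false;
    }

    // The header is absent for some clients; an empty string gives the same
    // login_string as the unset value did before, without the notice.
    $user_browser = isset($_SERVER['HTTP_USER_AGENT']) ? $_SERVER['HTTP_USER_AGENT'] : '';

    session_start();
    // Issue a fresh session id at the privilege change so that an id planted
    // before login (session fixation) is not carried into the logged-in state.
    session_regenerate_id(true);

    // Values are reduced to a conservative character set before they are kept in
    // the session, since they may later be written into pages.
    $user_id = preg_replace("/[^0-9]+/", "", $user_id);
    $_SESSION['user_id'] = $user_id;
    $username = preg_replace("/[^a-zA-Z0-9_\-]+/", "", $username);
    $_SESSION['username'] = $username;

    // NOTE(review): login_string is derived from the submitted password value and
    // the User-Agent; whatever re-checks it must derive it the same way.
    $_SESSION['login_string'] = hash('sha512', $password . $user_browser);

    return true;
}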