  1. "Logging in..."
  2. "Some input fields are empty"
  3. "Your username is required"
  4. "Your password is required"
  5.  
  6. <script type='text/javascript'>
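$(document).ready(function () {

    var submitButton = $("#btn-login");

    // Submit the login form over Ajax and render the server's JSON reply.
    submitButton.on('click', function (e) {
        e.preventDefault();

        // Get input field values of the login form
        var loginFormInputs = $('#login-form :input'),
            userName = $('#txt_uname_email').val(),
            userPassword = $('#txt_password').val(),
            token = $('#token').val(),
            alertMessage = $('#login-alert-message');

        // Render a status line. The message is inserted as a text node, so a
        // server-supplied string is never parsed as markup (the original
        // concatenated response.text into .html()).
        function showResult(iconClasses, message) {
            var line = $('<p>');
            line.append($('<i>').addClass(iconClasses));
            line.append(document.createTextNode(' ' + (message == null ? '' : message)));
            alertMessage.empty().append(line);
        }

        // Put the form back into an editable state after a failed attempt.
        function unlockForm() {
            submitButton.html('Login');
            loginFormInputs.prop("disabled", false);
        }

        // Disable inputs and display a loading message (static markup only)
        alertMessage.html('<p style="opacity: 1"><i class="fa fa-spinner fa-spin text-success"></i> Logging in..</p>');
        submitButton.html('<i class="fas fa-spinner fa-spin"></i>');
        loginFormInputs.prop("disabled", true);

        // Data to be sent to server
        var post_data = {
            'form': 'loginForm',
            'userName': userName,
            'userPassword': userPassword,
            'token': token
        };

        // Ajax post data to server
        $.post('./api', post_data, function (response) {

            // Load JSON data from server and output message
            if (!response || response.type === 'error') {

                showResult('fa-lg far fa-times-circle text-danger', response ? response.text : 'Login failed.');
                unlockForm();

            } else {

                showResult('fa-lg far fa-check-circle text-success', response.text);
                submitButton.html('Login');
                // The redirect is cosmetic; access to the dashboard has to be
                // enforced by the server-side session, not by this branch.
                window.location = "dashboard";

            }

        }, 'json').fail(function () {
            // Network error, non-2xx status or a body that is not valid JSON:
            // without this handler the form stayed disabled with the spinner.
            showResult('fa-lg far fa-times-circle text-danger', 'Login request failed. Please try again.');
            unlockForm();
        });

    });

});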
  59. </script>
  60.  
  61. public function doLogin($uname,$umail,$upass)
  62. {
  63. try
  64. {
  65. $stmt = $this->conn->prepare("SELECT * FROM `settings` LIMIT 1");
  66. $stmt->execute();
  67. $mainten=$stmt->fetch(PDO::FETCH_ASSOC);
  68. $stmt = $this->conn->prepare("SELECT user_id, user_name, user_email, user_pass, status FROM users WHERE user_name=:uname OR user_email=:umail ");
  69. $stmt->execute(array(':uname'=>$uname, ':umail'=>$umail));
  70. $userRow=$stmt->fetch(PDO::FETCH_ASSOC);
  71. if($stmt->rowCount() == 1)
  72. {
  73. if(password_verify($upass, $userRow['user_pass']))
  74. {
  75. session_regenerate_id(false);
  76. return ["correctPass"=>true, "banned"=> ($userRow['status']== 1) ? true : false, "maintenance"=> ($mainten["maintenance"]== 1) ? true : false];
  77.  
  78. }
  79. else
  80. {
  81. return ["correctPass"=>false];
  82. }
  83. }
  84. }
  85. catch(PDOException $e)
  86. {
  87. echo $e->getMessage();
  88. }
  89. }
  90.  
  91. require_once("includes/app/class.user.php");
  92. $login = new USER();
  93.  
  94. $uname = htmlspecialchars($_POST['userName']);
  95. $umail = htmlspecialchars($_POST['userName']);
  96. $upass = htmlspecialchars($_POST['userPassword']);
  97. $token = $_POST['token'];
  98.  
  99. if( $_POST && $_POST["form"] === 'loginForm' ) {
  100.  
  101.  
  102.  
  103. // Use PHP To Detect An Ajax Request
  104. if( !isset($_SERVER['HTTP_X_REQUESTED_WITH']) AND strtolower($_SERVER['HTTP_X_REQUESTED_WITH']) != 'xmlhttprequest' ) {
  105.  
  106. // Exit script for the JSON data
  107. $output = json_encode(
  108. array(
  109. 'type' => 'error',
  110. 'text' => 'Request must come from Ajax'
  111. ));
  112.  
  113. die($output);
  114. }
  115.  
  116. // Checking if the $_POST vars well provided, Exit if there is one missing
  117. if( !isset($_POST["userName"]) || !isset($_POST["userPassword"]) || !isset($_POST["token"]) ) {
  118.  
  119. $output = json_encode(
  120. array(
  121. 'type' => 'error',
  122. 'text' => 'Some input fields are empty!'
  123. ));
  124.  
  125. die($output);
  126. }
  127.  
  128. // PHP validation for the fields required
  129. if( empty($_POST["userName"]) ) {
  130. $output = json_encode(
  131. array(
  132. 'type' => 'error',
  133. 'text' => 'Your username is required.'
  134. ));
  135. die($output);
  136. }
  137.  
  138. if( empty($_POST["userPassword"]) ) {
  139. $output = json_encode(
  140. array(
  141. 'type' => 'error',
  142. 'text' => 'Your password is required.'
  143. ));
  144. die($output);
  145. }
  146.  
  147. $validation = $login->doLogin($uname,$umail,$upass);
  148. if($validation["correctPass"]){
  149. if($validation["maintenance"]){
  150. if (!in_array($uname, array('admin'))){
  151. $output = json_encode(
  152. array(
  153. 'type' => 'error',
  154. 'text' => 'Website under maintenance.'
  155. ));
  156. die($output);
  157. }
  158. }
  159. if($validation["banned"]){
  160. $output = json_encode(
  161. array(
  162. 'type' => 'error',
  163. 'text' => 'User has been banned.'
  164. ));
  165. die($output);
  166. }else{
  167. if(Token::check($_POST['token'])) {
  168. $stmtt = $login->runQuery("SELECT user_id FROM users WHERE user_name=:uname OR user_email=:umail ");
  169. $stmtt->execute(array(':uname'=>$uname, ':umail'=>$umail));
  170. $userRow=$stmtt->fetch(PDO::FETCH_ASSOC);
  171. $_SESSION['user_session'] = $userRow['user_id'];
  172. $output = json_encode(
  173. array(
  174. 'type' => 'message',
  175. 'text' => 'Logged in successfully.'
  176. ));
  177.  
  178. die($output);
  179. //$success = "Logged in successfully, redirecting..";
  180. //header( "refresh:3;url=ab" );
  181. //$login->redirect('dashboard');
  182. } else {
  183. $output = json_encode(
  184. array(
  185. 'type' => 'error',
  186. 'text' => 'Unexpected error occured.'
  187. ));
  188. die($output);
  189. }
  190. }
  191. }
  192. else{
  193. $output = json_encode(
  194. array(
  195. 'type' => 'error',
  196. 'text' => 'Incorrect username or password.'
  197. ));
  198. die($output);
  199. }
  200.  
  201. }