- "Logging in..."
- "Some input fields are empty"
- "Your username is required"
- "Your password is required"
- <script type='text/javascript'>
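$(document).ready(function () {
    var submitButton = $("#btn-login");

    // Build "<p><i class="..."></i> message</p>" with the message added as a
    // text node, so text returned by the server is never parsed as HTML.
    function showResult(container, iconClasses, message) {
        var line = $('<p>').append($('<i>').addClass(iconClasses));
        line.append(document.createTextNode(' ' + message));
        container.empty().append(line);
    }

    // Put the form back into its editable state after a failed attempt.
    function unlockForm(inputs) {
        submitButton.html('Login');
        inputs.prop("disabled", false);
    }

    submitButton.on('click', function (e) {
        e.preventDefault();

        // Read the field values before the inputs are disabled.
        var loginFormInputs = $('#login-form :input'),
            userName = $('#txt_uname_email').val(),
            userPassword = $('#txt_password').val(),
            token = $('#token').val(),
            alertMessage = $('#login-alert-message');

        // Disable inputs and display a loading message (fixed markup only).
        alertMessage.html('<p style="opacity: 1"><i class="fa fa-spinner fa-spin text-success"></i> Logging in..</p>');
        submitButton.html('<i class="fas fa-spinner fa-spin"></i>');
        loginFormInputs.prop("disabled", true);

        // Data to be sent to the server.
        var post_data = {
            'form': 'loginForm',
            'userName': userName,
            'userPassword': userPassword,
            'token': token
        };

        // Ajax POST; the reply is expected to be a JSON object {type, text}.
        $.post('./api', post_data, function (response) {
            var message = (response && response.text) || '';

            if (!response || response.type === 'error') {
                showResult(alertMessage, 'fa-lg far fa-times-circle text-danger', message);
                unlockForm(loginFormInputs);
            } else {
                showResult(alertMessage, 'fa-lg far fa-check-circle text-success', message);
                submitButton.html('Login');
                window.location = "dashboard";
            }
        }, 'json').fail(function () {
            // Network error, HTTP error or a reply that is not valid JSON:
            // without this handler the form would stay disabled on the spinner.
            showResult(alertMessage, 'fa-lg far fa-times-circle text-danger', 'Login request failed. Please try again.');
            unlockForm(loginFormInputs);
        });
    });
});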
- </script>
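/**
 * Check a login attempt against the users table.
 *
 * Looks up the account by user name or e-mail, verifies the password hash
 * and reports the account's ban flag and the site's maintenance flag.
 *
 * @param string $uname Identifier compared with users.user_name.
 * @param string $umail Identifier compared with users.user_email.
 * @param string $upass Plain-text password to verify against user_pass.
 *
 * @return array ["correctPass" => false] on any failure; on success
 *               ["correctPass" => true, "banned" => bool, "maintenance" => bool].
 */
public function doLogin($uname,$umail,$upass)
{
    try
    {
        $stmt = $this->conn->prepare("SELECT * FROM `settings` LIMIT 1");
        $stmt->execute();
        $mainten = $stmt->fetch(PDO::FETCH_ASSOC);

        $stmt = $this->conn->prepare("SELECT user_id, user_name, user_email, user_pass, status FROM users WHERE user_name=:uname OR user_email=:umail ");
        $stmt->execute(array(':uname'=>$uname, ':umail'=>$umail));

        // Count the fetched rows instead of calling rowCount(): PDO does not
        // guarantee rowCount() for SELECT on every driver. Exactly one match
        // is still required, so an ambiguous name/e-mail overlap is rejected.
        $rows = $stmt->fetchAll(PDO::FETCH_ASSOC);
        if (count($rows) !== 1)
        {
            return ["correctPass"=>false];
        }
        $userRow = $rows[0];

        if (!password_verify($upass, $userRow['user_pass']))
        {
            return ["correctPass"=>false];
        }

        // NOTE(review): the previous session id stays valid because the old
        // session is not deleted here; confirm whether it should be dropped
        // at login.
        session_regenerate_id(false);

        return [
            "correctPass" => true,
            "banned"      => ($userRow['status'] == 1),
            // An empty settings table makes fetch() return false; treat that
            // as "not in maintenance" instead of indexing a non-array.
            "maintenance" => (is_array($mainten) && isset($mainten["maintenance"]) && $mainten["maintenance"] == 1),
        ];
    }
    catch(PDOException $e)
    {
        // Keep driver messages (table names, SQL, DSN details) out of the
        // HTTP response, which the caller expects to be pure JSON; fail closed.
        error_log('doLogin: ' . $e->getMessage());
        return ["correctPass"=>false];
    }
}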
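require_once("includes/app/class.user.php");
$login = new USER();

// Send one JSON status object and stop; every branch below ends through here.
$respond = function ($type, $text) {
    if (!headers_sent()) {
        header('Content-Type: application/json');
    }
    die(json_encode(array('type' => $type, 'text' => $text)));
};

// Read a POST field as a string; a missing or array-valued field becomes ''.
$postString = function ($name) {
    return (isset($_POST[$name]) && is_string($_POST[$name])) ? $_POST[$name] : '';
};

// NOTE(review): htmlspecialchars() is an output encoder, not input validation.
// Applying it to credentials changes any value containing & < > " (and ' from
// PHP 8.1, where the default flags changed), so the password that reaches
// password_verify() is not the one the user typed. It is kept here only
// because the registration path is not visible and may hash the encoded form;
// confirm and remove it on both sides together.
$uname = htmlspecialchars($postString('userName'));
$umail = htmlspecialchars($postString('userName'));
$upass = htmlspecialchars($postString('userPassword'));
$token = $postString('token');

if (isset($_POST['form']) && $_POST['form'] === 'loginForm') {
    // The original test joined these conditions with AND, so a request that
    // carried any X-Requested-With value passed. The header is set by the
    // client, so this is a convenience filter only; the token check below is
    // what protects against forged requests.
    if (!isset($_SERVER['HTTP_X_REQUESTED_WITH']) || strtolower($_SERVER['HTTP_X_REQUESTED_WITH']) != 'xmlhttprequest') {
        $respond('error', 'Request must come from Ajax');
    }

    // All three fields must be present and must be plain strings.
    foreach (array('userName', 'userPassword', 'token') as $required) {
        if (!isset($_POST[$required]) || !is_string($_POST[$required])) {
            $respond('error', 'Some input fields are empty!');
        }
    }

    // Compare with '' rather than empty(): empty() also rejects the value "0".
    if ($_POST['userName'] === '') {
        $respond('error', 'Your username is required.');
    }
    if ($_POST['userPassword'] === '') {
        $respond('error', 'Your password is required.');
    }

    $validation = $login->doLogin($uname, $umail, $upass);

    // Anything other than an explicit success is reported as bad credentials.
    if (!is_array($validation) || empty($validation['correctPass'])) {
        $respond('error', 'Incorrect username or password.');
    }

    // During maintenance only the listed identifier may continue. This tests
    // the submitted identifier, not the stored user_name.
    if (!empty($validation['maintenance']) && !in_array($uname, array('admin'), true)) {
        $respond('error', 'Website under maintenance.');
    }

    if (!empty($validation['banned'])) {
        $respond('error', 'User has been banned.');
    }

    // The request token is checked before any session state is written.
    if (!Token::check($token)) {
        $respond('error', 'Unexpected error occured.');
    }

    $stmtt = $login->runQuery("SELECT user_id FROM users WHERE user_name=:uname OR user_email=:umail ");
    $stmtt->execute(array(':uname'=>$uname, ':umail'=>$umail));
    $userRow = $stmtt->fetch(PDO::FETCH_ASSOC);

    // The row can be gone between the two queries; do not index a non-array.
    if (!is_array($userRow)) {
        $respond('error', 'Unexpected error occured.');
    }

    $_SESSION['user_session'] = $userRow['user_id'];
    $respond('message', 'Logged in successfully.');
}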