
Untitled

a guest
Sep 16th, 2017
  1. <?php
  2.  
  3. session_start();
  4. // Include the database page
  5. require ('../inc/dbconfig.php');
  6. require ('../inc/global_functions.php');
  7.  
  8. if (isset($_POST['submit'])) { //Login submitted
  9.     if(!isset($_SESSION[$loggedinUserDataArray])) { //Not already logged in
  10.         $username = empty($_POST['username'])?null:trim($_POST['username']);
  11.         $password = empty($_POST['username'])?null:trim($_POST['password']);
  12.         if (!$username || !$password){
  13.             //No user or pass error
  14.             $message = "You must enter both username and password";
  15.         }
  16.         else {
  17.             $username = mysqli_real_escape_string($dbc,$username);
  18.             $query = "SELECT * FROM manager_users WHERE username = '".$username."'";
  19.             $result = mysqli_query($dbc,$query);
  20.            
  21.             $row = mysqli_fetch_array($result);
  22.             if (!$row){
  23.                 //Bad user or password error
  24.                 $output = array(
  25.                     'errorsExist' => true,
  26.                     'message' => 'Invalid Username and Password combination!'
  27.                 );
  28.             }
  29.             if ($row['statusID'] == 1){
  30.                 //Verification needed error
  31.                 $output = array(
  32.                     'errorsExist' => true,
  33.                     'message' => 'Sorry you must verify your email address before logging in. Didn\'t get the verification email? Don\'t worry we can <a href="javascript:void(0);" id="resendVerification">resend it</a>!'
  34.                 );
  35.             }
  36.             else if ($row['statusID'] == 3){
  37.                 //Suspended error
  38.                 $output = array(
  39.                     'errorsExist' => true,
  40.                     'message' => 'Your account has been suspended and is pending deletion. If you would like to contest this action <a href="javascript:void(0);" id="contestSuspension">click here</a>!'
  41.                 );
  42.             }
  43.             else if ($row['statusID'] == 4){
  44.                 //Pending deletion error
  45.                 $output = array(
  46.                     'errorsExist' => true,
  47.                     'message' => 'Your account is currently pending deletion, would you like to reactivate it? <a href="javascript:void(0);" id="undeleteAccount">Yes, Reactivate</a>!'
  48.                 );
  49.             }
  50.             else {
  51.                 $lockDate = ($row['lockDate'] == "0000-00-00 00:00:00")?0:strtotime($row['lockDate']);
  52.                 $diff = abs(time() - $lockDate);
  53.                 $minutes = floor($diff / 60);
  54.                 if ($minutes < 10){
  55.                     //Account locked error
  56.                     $output = array(
  57.                         'errorsExist' => true,
  58.                         'message' => 'Your account is currently locked, we appologize for the inconvienence. This is a security messure implimented by to many failed login\'s!'
  59.                     );
  60.                 }
  61.                 else {
  62.                     $password = reGenPassHash($password, $row['password2']);
  63.  
  64.                     //Clear lock
  65.                     mysqli_query("UPDATE manager_users SET lockDate=NULL WHERE username = '".$username."'");
  66.  
  67.                     if ($password == $row['password']){
  68.                         //Login successful
  69.                     }
  70.                     else {
  71.                         //Add to number of tries
  72.                                     $_SESSION['numberOfAttempts'] = $_SESSION['numberOfAttempts']+1;
  73.  
  74.                         if ($_SESSION['numberOfAttempts'] > 5){
  75.                             $hackerIPAddress = $_SERVER['REMOTE_ADDR'];
  76.                             $userID = $row['userID'];
  77.                             $query = "UPDATE manager_users SET lockDate = CURRENT_TIMESTAMP WHERE userID = '".$userID."'";
  78.                             $result = mysqli_query($dbc,$query);
  79.                             $query2 = "INSERT INTO manager_users_hacking (hackerIPAddress, userID, lockDate) VALUES ('".$hackerIPAddress."','".$userID."', CURRENT_TIMESTAMP)";
  80.                             $result2 = mysqli_query($dbc,$query2);
  81.                             $output = array(
  82.                                 'errorsExist' => true,
  83.                                 'message' => 'Your account is currently locked, we appologize for the inconvienence. This is a security messure implimented by to many failed login\'s! You must wait 10 minutes before you can login again!'
  84.                             );
  85.                         }
  86.                     }
  87.                 }
  88.             }
  89.         }
  90.     }
  91. }