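<?php
// Login handler for manager accounts.
//
// Reads the posted username/password, looks the account up in manager_users,
// rejects accounts that are unverified, suspended, pending deletion or
// temporarily locked, and otherwise compares the submitted password hash with
// the stored one. The outcome is left in $output as
// array('errorsExist' => bool, 'message' => string).
session_start();

// Include the database page (presumably defines the mysqli link $dbc) and the
// shared helpers (reGenPassHash() is not defined in this file).
require ('../inc/dbconfig.php');
require ('../inc/global_functions.php');

// Length of the temporary lock, in minutes.
$lockWindowMinutes = 10;
// Failed attempts tolerated before the account is locked.
$maxFailedAttempts = 5;

// One generic message for "no such user" and "wrong password", so the reply
// does not tell the client which of the two was wrong.
$invalidLogin = array(
    'errorsExist' => true,
    'message' => 'Invalid Username and Password combination!'
);

if (isset($_POST['submit'])) { // Login submitted
    // NOTE(review): $loggedinUserDataArray is not defined in this file;
    // presumably it comes from one of the includes above. Confirm.
    if (!isset($_SESSION[$loggedinUserDataArray])) { // Not already logged in
        // Only plain string fields are accepted: an array-valued field
        // (username[]=...) would otherwise reach trim() and fail there.
        $username = (!empty($_POST['username']) && is_string($_POST['username']))
            ? trim($_POST['username'])
            : null;
        // Fixed: the original tested $_POST['username'] here, so a missing
        // password field was only caught by accident.
        $password = (!empty($_POST['password']) && is_string($_POST['password']))
            ? trim($_POST['password'])
            : null;

        if (!$username || !$password) {
            // No user or pass error. $message is kept for any code that reads
            // it; $output makes this branch consistent with the others.
            $message = "You must enter both username and password";
            $output = array(
                'errorsExist' => true,
                'message' => $message
            );
        }
        else {
            // Bound parameters instead of string-built SQL. Needs the mysqlnd
            // driver for mysqli_stmt_get_result().
            $row = null;
            $stmt = mysqli_prepare($dbc, "SELECT * FROM manager_users WHERE username = ?");
            if ($stmt) {
                mysqli_stmt_bind_param($stmt, 's', $username);
                mysqli_stmt_execute($stmt);
                $result = mysqli_stmt_get_result($stmt);
                if ($result) {
                    $row = mysqli_fetch_array($result);
                }
                mysqli_stmt_close($stmt);
            }

            // NOTE(review): the status and lock messages below are returned
            // before the password is checked, so they disclose the state of an
            // account to anyone who knows its username. Consider answering with
            // the generic message until the password has been verified.
            if (!$row) {
                // Bad user or password error. Fixed: this is now the first arm
                // of the chain; the original fell through and went on to read
                // fields of a missing row.
                $output = $invalidLogin;
            }
            else if ($row['statusID'] == 1) {
                // Verification needed error
                $output = array(
                    'errorsExist' => true,
                    'message' => 'Sorry you must verify your email address before logging in. Didn\'t get the verification email? Don\'t worry we can <a href="javascript:void(0);" id="resendVerification">resend it</a>!'
                );
            }
            else if ($row['statusID'] == 3) {
                // Suspended error
                $output = array(
                    'errorsExist' => true,
                    'message' => 'Your account has been suspended and is pending deletion. If you would like to contest this action <a href="javascript:void(0);" id="contestSuspension">click here</a>!'
                );
            }
            else if ($row['statusID'] == 4) {
                // Pending deletion error
                $output = array(
                    'errorsExist' => true,
                    'message' => 'Your account is currently pending deletion, would you like to reactivate it? <a href="javascript:void(0);" id="undeleteAccount">Yes, Reactivate</a>!'
                );
            }
            else {
                // A NULL or zero lockDate means "never locked"; treat it as
                // timestamp 0 so the elapsed time is far beyond the window.
                $neverLocked = ($row['lockDate'] === null || $row['lockDate'] == "0000-00-00 00:00:00");
                $lockDate = $neverLocked ? 0 : (int) strtotime($row['lockDate']);
                $minutes = floor(abs(time() - $lockDate) / 60);

                if ($minutes < $lockWindowMinutes) {
                    // Account locked error
                    $output = array(
                        'errorsExist' => true,
                        'message' => 'Your account is currently locked, we appologize for the inconvienence. This is a security messure implimented by to many failed login\'s!'
                    );
                }
                else {
                    // NOTE(review): reGenPassHash() is defined elsewhere and
                    // password2 looks like a per-user salt. If it is a fast
                    // digest, plan a migration to password_hash()/password_verify().
                    $candidateHash = reGenPassHash($password, $row['password2']);

                    // Clear lock (the window has expired). Fixed: the original
                    // call omitted the connection argument and never ran.
                    $stmt = mysqli_prepare($dbc, "UPDATE manager_users SET lockDate=NULL WHERE username = ?");
                    if ($stmt) {
                        mysqli_stmt_bind_param($stmt, 's', $username);
                        mysqli_stmt_execute($stmt);
                        mysqli_stmt_close($stmt);
                    }

                    // Constant-time, type-strict comparison; a loose == on two
                    // hash strings can also compare them as numbers.
                    if (hash_equals((string) $row['password'], (string) $candidateHash)) {
                        // Login successful: switch to a fresh session id before
                        // any authenticated state is stored, and reset the counter.
                        session_regenerate_id(true);
                        $_SESSION['numberOfAttempts'] = 0;
                    }
                    else {
                        // Add to number of tries.
                        // NOTE(review): the counter lives in the session, so it
                        // only counts attempts made with the same session
                        // cookie. A per-account counter stored server-side is
                        // needed for the lock to be dependable.
                        $previousAttempts = isset($_SESSION['numberOfAttempts'])
                            ? (int) $_SESSION['numberOfAttempts']
                            : 0;
                        $_SESSION['numberOfAttempts'] = $previousAttempts + 1;

                        // Fixed: a wrong password below the limit produced no
                        // error at all.
                        $output = $invalidLogin;

                        if ($_SESSION['numberOfAttempts'] > $maxFailedAttempts) {
                            $hackerIPAddress = $_SERVER['REMOTE_ADDR'];
                            $userID = $row['userID'];

                            // Lock the account from now on.
                            $stmt = mysqli_prepare($dbc, "UPDATE manager_users SET lockDate = CURRENT_TIMESTAMP WHERE userID = ?");
                            if ($stmt) {
                                mysqli_stmt_bind_param($stmt, 's', $userID);
                                mysqli_stmt_execute($stmt);
                                mysqli_stmt_close($stmt);
                            }

                            // Record the source address of the attempt that
                            // triggered the lock.
                            $stmt = mysqli_prepare($dbc, "INSERT INTO manager_users_hacking (hackerIPAddress, userID, lockDate) VALUES (?, ?, CURRENT_TIMESTAMP)");
                            if ($stmt) {
                                mysqli_stmt_bind_param($stmt, 'ss', $hackerIPAddress, $userID);
                                mysqli_stmt_execute($stmt);
                                mysqli_stmt_close($stmt);
                            }

                            $output = array(
                                'errorsExist' => true,
                                'message' => 'Your account is currently locked, we appologize for the inconvienence. This is a security messure implimented by to many failed login\'s! You must wait 10 minutes before you can login again!'
                            );
                        }
                    }
                }
            }
        }
    }
}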