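<?php
/**
 * Login, idle-timeout and logout handling for the page.
 *
 * Has to run before any output: it starts the session and may send cookie
 * headers. Leaves $error set when there is a message for the login form.
 */
session_start();
include("connect.php");

// Idle timeout in seconds (30 minutes).
$timeout = 60 * 30;

// Ties the session to the client's address and user agent. The user agent is
// client-supplied and the address can change legitimately, so this is only a
// tripwire against casual cookie reuse, not an authentication factor.
$userAgent = isset($_SERVER['HTTP_USER_AGENT']) ? $_SERVER['HTTP_USER_AGENT'] : '';
$fingerprint = md5($_SERVER['REMOTE_ADDR'] . $userAgent);

if (isset($_POST['userName'])) {
    // Non-string input (e.g. userName[]=x) is treated as empty instead of
    // being handed to the escaping function.
    $postedUser = is_string($_POST['userName']) ? $_POST['userName'] : '';
    $postedPassword = (isset($_POST['password']) && is_string($_POST['password'])) ? $_POST['password'] : '';

    // NOTE(review): the mysql_* extension was removed in PHP 7. Moving to
    // mysqli/PDO prepared statements also needs connect.php changed, which is
    // not visible here. Until then the escaping below is only reliable if the
    // connection charset was set with mysql_set_charset() - confirm.
    $user = mysql_real_escape_string($postedUser);
    $password = mysql_real_escape_string($postedPassword);

    // NOTE(review): passwords are matched as unsalted MD5 inside the query.
    // password_hash()/password_verify() are the replacement, but that needs a
    // schema change and a re-hash on next login.
    $matchingUser = mysql_query("SELECT * FROM `users` WHERE username='$user' AND password=MD5('$password') LIMIT 1");

    if ($matchingUser !== false && mysql_num_rows($matchingUser)) {
        // mysql_query() returns a result resource, not a row; the columns are
        // only readable after fetching.
        $matchingUserData = mysql_fetch_assoc($matchingUser);

        // Issue a fresh session id before the session becomes authenticated
        // and drop the pre-login one, so an id planted before login is useless.
        session_regenerate_id(true);

        if ($matchingUserData['inactive'] == 1) {
            $error = "Your e-mail Id has not been verified. Check your mail to verify your e-mail Id. However you'll be logged in to site with less privileges.";
            $_SESSION['inactive'] = true;
        }

        // Store the name as the database holds it, not the SQL-escaped copy.
        $_SESSION['user'] = $matchingUserData['username'];
        $_SESSION['lastActive'] = time();
        $_SESSION['fingerprint'] = $fingerprint;
    } else {
        $error = "Invalid user id";
    }
}

$timedOut = isset($_SESSION['lastActive']) && $_SESSION['lastActive'] < (time() - $timeout);
// Strict comparison: two hex digests that both look like "0e<digits>" compare
// equal under != because PHP treats them as numbers.
$fingerprintChanged = isset($_SESSION['fingerprint']) && $_SESSION['fingerprint'] !== $fingerprint;

if ($timedOut || $fingerprintChanged || isset($_GET['logout'])) {
    setcookie(session_name(), '', time() - 3600, '/');
    // session_destroy() removes the stored data but leaves $_SESSION filled
    // for the rest of this request; empty it so the page below renders the
    // logged-out view straight away.
    $_SESSION = array();
    session_destroy();
} else {
    session_regenerate_id();
    $_SESSION['lastActive'] = time();
    $_SESSION['fingerprint'] = $fingerprint;
}
?>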
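<?php
/**
 * Renders the login form for an anonymous visitor, or the user menu with a
 * logout link for a signed-in session.
 *
 * Every request- or session-derived value is HTML-escaped where it is written
 * into the markup: the script path ($_SERVER['PHP_SELF'] includes any
 * attacker-chosen path suffix), the posted username echoed back into the
 * value attribute, and the stored username.
 * Escaping assumes the page is served as UTF-8 - confirm.
 */
$selfUrl = htmlspecialchars($_SERVER["PHP_SELF"], ENT_QUOTES, 'UTF-8');

if (!isset($_SESSION['user'])) {
    if (isset($error)) echo $error;

    // Only a plain string is echoed back; array-shaped input is dropped.
    $postedName = '';
    if (isset($_POST['userName']) && is_string($_POST['userName'])) {
        $postedName = htmlspecialchars($_POST['userName'], ENT_QUOTES, 'UTF-8');
    }

    echo '<form action="' . $selfUrl . '" method="post">
<label>Username: </label>
<input type="text" name="userName" value="' . $postedName . '" /><br />
<label>Password: </label>
<input type="password" name="password" />
<input type="submit" value="Login" class="button" />
<ul class="sidemenu">
<li><a href="register.php">Register</a></li>
<li><a href="forgotPassword.php">Forgot Password</a></li>
</ul>
</form>';
} else {
    // NOTE(review): logout is a plain GET link, so any page the user visits
    // can end the session by embedding this URL; a POST form carrying a
    // per-session token would prevent that.
    echo '<ul class="sidemenu">
<li>' . htmlspecialchars($_SESSION['user'], ENT_QUOTES, 'UTF-8') . '</li>
<li><a href="' . $selfUrl . '?logout=true">Logout</a></li>
</ul>';
}
?>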
// Drop the three login keys from the in-memory session array so the rest of
// the request no longer sees a signed-in user.
unset(
    $_SESSION['user'],
    $_SESSION['lastActive'],
    $_SESSION['fingerprint']
);
- if($matchingUser['inactive'] == 1)
- if(!$matchingUser['inactive'])
- if($matchingUser['isactive'])
- if($matchingUser->isActive())
- <a href="' . $_SERVER["PHP_SELF"] . '?logout=true">
- <a href="?logout=true">
- $matchingUser = mysql_query("SELECT * FROM `users` WHERE username='$user' AND password=MD5('$password') LIMIT 1");
- if (mysql_num_rows($matchingUser))
- {
- $matchingUserData = mysql_fetch_assoc($matchingUser);
- if($matchingUserData['inactive'] == 1) //Checks if the inactive field of the user is set to one
- {
- $error = "Your e-mail Id has not been verified. Check your mail to verify your e-mail Id. However you'll be logged in to site with less privileges.";
- $_SESSION['inactive'] = true;
- }
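/**
 * Derive a salted SHA-1 digest of a plain-text value.
 *
 * Without a salt, a fresh 9-character hexadecimal salt is generated and the
 * call returns array($salt, $digest) so both can be stored. With a salt, only
 * its first 9 characters are used and the digest string alone is returned,
 * which is the form needed to re-check a value against a stored digest
 * (compare the two with hash_equals() where available).
 *
 * NOTE(review): a single round of salted SHA-1 is cheap to brute-force
 * offline, so it is a poor fit for password storage. password_hash() and
 * password_verify() are the standard replacement; adopting them changes the
 * stored format and this function's return shape, so it needs a migration.
 *
 * @param string      $plainText Value to hash.
 * @param string|null $salt      Existing salt, or null to generate one.
 * @return array|string array($salt, $digest) when $salt is null, otherwise the digest.
 */
function generateHash($plainText, $salt = null)
{
    // The constant used to be defined unconditionally inside the body, so
    // every call after the first reported "constant already defined".
    if (!defined('SALT_LENGTH')) {
        define('SALT_LENGTH', 9);
    }

    if ($salt === null) {
        // A salt has to be unique per record, not secret; the weakness of
        // this scheme is the fast hash, not the salt source.
        $salt = substr(md5(uniqid(rand(), true)), 0, SALT_LENGTH);

        return array($salt, sha1($salt . $plainText));
    }

    $salt = substr($salt, 0, SALT_LENGTH);

    return sha1($salt . $plainText);
}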