<?phpsession_start();include("connect.php");$timeout = 60 * 30;$fingerprin

1. <?php
2. session_start();
3.  
4. include("connect.php");
5.  
6. $timeout = 60 * 30;
7. $fingerprint = md5($_SERVER['REMOTE_ADDR'] . $_SERVER['HTTP_USER_AGENT']);
8.  
9. if(isset($_POST['userName']))
10. {
11. $user = mysql_real_escape_string($_POST['userName']);
12. $password = mysql_real_escape_string($_POST['password']);
13. $matchingUser = mysql_query("SELECT * FROM `users` WHERE username='$user' AND password=MD5('$password') LIMIT 1");
14. if (mysql_num_rows($matchingUser))
15. {
16. if($matchingUser['inactive'] == 1)//Checks if the inactive field of the user is set to one
17. {
18. $error = "Your e-mail Id has not been verified. Check your mail to verify your e-mail Id. However you'll be logged in to site with less privileges.";
19. $_SESSION['inactive'] = true;
20. }
21. $_SESSION['user'] = $user;
22. $_SESSION['lastActive'] = time();
23. $_SESSION['fingerprint'] = $fingerprint;
24. }
25. else
26. {
27. $error = "Invalid user id";
28. }
29. }
30. if ((isset($_SESSION['lastActive']) && $_SESSION['lastActive']<(time()-$timeout)) || (isset($_SESSION['fingerprint']) && $_SESSION['fingerprint']!=$fingerprint)
31. || isset($_GET['logout'])
32. )
33. {
34. setcookie(session_name(), '', time()-3600, '/');
35. session_destroy();
36. }
37. else
38. {
39. session_regenerate_id();
40. $_SESSION['lastActive'] = time();
41. $_SESSION['fingerprint'] = $fingerprint;
42. }
43. ?>
44.  
45. <?php
46. if(!isset($_SESSION['user']))
47. {
48. if(isset($error)) echo $error;
49. echo '<form action="' . $_SERVER["PHP_SELF"] . '" method="post">
50. <label>Username: </label>
51. <input type="text" name="userName" value="';if(isset($_POST['userName'])) echo $_POST["userName"]; echo '" /><br />
52. <label>Password: </label>
53. <input type="password" name="password" />
54. <input type="submit" value="Login" class="button" />
55. <ul class="sidemenu">
56. <li><a href="register.php">Register</a></li>
57. <li><a href="forgotPassword.php">Forgot Password</a></li>
58. </ul>
59. </form>';
60. }
61. else
62. {
63. echo '<ul class="sidemenu">
64. <li>' . $_SESSION['user'] . '</li>
65. <li><a href="' . $_SERVER["PHP_SELF"] . '?logout=true">Logout</a></li>
66. </ul>';
67. }
68. ?>
69.  
70. unset($_SESSION['user']);
71. unset($_SESSION['lastActive']);
72. unset($_SESSION['fingerprint']);
73.  
74. if($matchingUser['inactive'] == 1)
75.  
76. if(!$matchingUser['inactive'])
77.  
78. if($matchingUser['isactive'])
79.  
80. if($matchingUser->isActive())
81.  
82. <a href="' . $_SERVER["PHP_SELF"] . '?logout=true">
83.  
84. <a href="?logout=true">
85.  
86. $matchingUser = mysql_query("SELECT * FROM `users` WHERE username='$user' AND password=MD5('$password') LIMIT 1");
87. if (mysql_num_rows($matchingUser))
88. {
89. $matchingUserData = mysql_fetch_assoc($matchingUser);
90. if($matchingUserData['inactive'] == 1) //Checks if the inactive field of the user is set to one
91. {
92. $error = "Your e-mail Id has not been verified. Check your mail to verify your e-mail Id. However you'll be logged in to site with less privileges.";
93. $_SESSION['inactive'] = true;
94. }
95.  
96. function generateHash($plainText, $salt = null)
97. {
98. define('SALT_LENGTH', 9);
99. if ($salt === null)
100. {
101. $salt = substr(md5(uniqid(rand(), true)), 0, SALT_LENGTH);
102. return array($salt, sha1($salt . $plainText) );
103. }
104. else
105. {
106. $salt = substr($salt, 0, SALT_LENGTH);
107. return sha1($salt . $plainText);
108. }
109.  
110. }