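<?php
// Admin login/logout request handler.
//
// A POST with type=login checks the submitted credentials via login() and
// redirects to home.php on success. Any other POST is treated as a logout.
include 'php/adminloginfunctions.php';

if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    // isset() guards avoid undefined-index notices on malformed requests; a
    // missing or non-'login' type falls through to logout() as before.
    if (isset($_POST['type']) && $_POST['type'] === 'login') {
        $username = isset($_POST['loginusername']) ? $_POST['loginusername'] : '';
        $password = isset($_POST['loginpassword']) ? $_POST['loginpassword'] : '';
        if (login($username, $password)) {
            // NOTE(review): scheme and port are hard-coded, and SERVER_NAME may be
            // derived from the client-supplied Host header depending on the web
            // server's canonical-name setting — a configured base URL is safer.
            header('Location: http://' . $_SERVER['SERVER_NAME'] . ':1080' . dirname($_SERVER['REQUEST_URI']) . '/home.php');
            exit();
        }
    } else {
        logout();
    }
}
?>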
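<?php
// Shared admin session/login helpers. Including this file opens the database
// connection and starts the secured session as a side effect.
//
// require rather than include: without adminmySQLCon.php there is no $conn and
// login() would fail later with a far less obvious error.
require 'adminmySQLCon.php';
// Called before its definition below; PHP hoists unconditionally declared functions.
sec_session_start();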
function sec_session_start() {
    // Start the admin session with hardened cookie settings.
    //
    // Forces cookie-only session ids, marks the cookie Secure and HttpOnly,
    // uses a custom session name and rotates the id on every start. Redirects
    // to the error page and exits if the ini setting cannot be applied.
    // NOTE(review): Secure cookies are never sent over plain http, so this
    // only works when the admin pages are served over TLS.
    $sessionName = 'sec_session_id';
    $cookieSecure = true;
    $cookieHttpOnly = true;

    if (ini_set('session.use_only_cookies', 1) === false) {
        header("Location: ../error.php?err=Could not initiate a safe session (ini_set)");
        exit();
    }

    // Keep the configured lifetime/path/domain; only the security flags are overridden.
    $params = session_get_cookie_params();
    session_set_cookie_params(
        $params['lifetime'],
        $params['path'],
        $params['domain'],
        $cookieSecure,
        $cookieHttpOnly
    );

    session_name($sessionName);
    session_start();
    // Rotating the id on every start limits fixation; the old id is deleted.
    // NOTE(review): with the old session deleted immediately, concurrent
    // requests (e.g. AJAX polling) can lose the session — confirm this suits
    // the front end.
    session_regenerate_id(true);
}
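function login($email, $password) {
    // Authenticate an admin against the Occupant table and populate the session.
    //
    // Returns true and sets $_SESSION['user_id'], ['username'], ['login_string']
    // and ['userrole'] on success. Returns false when the account is unknown,
    // locked out by checkbrute(), the password does not verify, or the lookup
    // statement could not be prepared. Requires a mysqli connection in the
    // global $conn and checkbrute() defined elsewhere.
    global $conn;

    $stmt = $conn->prepare("SELECT Occupant.idOccupant, Occupant.Occ_Email, Occupant.Occ_Password, roles.RoleLevel
        FROM Occupant INNER JOIN userrolemapping ON Occupant.idOccupant = userrolemapping.URMUserId
        INNER JOIN roles on roles.idRoles = userrolemapping.URMRoleID
        WHERE Occ_Email = ?
        LIMIT 1");
    if ($stmt === false) {
        // Previously fell off the end (null); an explicit false is clearer and
        // equally falsy for existing callers.
        return false;
    }

    $stmt->bind_param('s', $email);
    $stmt->execute();
    $stmt->store_result();
    $stmt->bind_result($user_id, $username, $db_password, $userrole);
    $stmt->fetch();
    $found = ($stmt->num_rows === 1);
    $stmt->close();

    if (!$found) {
        // NOTE(review): unknown accounts return before password_verify(), so
        // response time differs from the wrong-password path and no attempt is
        // recorded for them — acceptable only if account enumeration is not a
        // concern for this admin endpoint.
        return false;
    }

    if (checkbrute($user_id)) {
        // Account is currently locked out; the attempt is not recorded.
        return false;
    }

    if (password_verify($password, $db_password)) {
        // Bind the session to the stored hash and the client's user agent so a
        // later check can detect a changed browser or password.
        $user_browser = isset($_SERVER['HTTP_USER_AGENT']) ? $_SERVER['HTTP_USER_AGENT'] : '';
        $_SESSION['user_id'] = $user_id;
        $_SESSION['username'] = $username;
        $_SESSION['login_string'] = hash('sha512', $db_password . $user_browser);
        $_SESSION['userrole'] = $userrole;
        // Login successful.
        return true;
    }

    // Wrong password: record the failed attempt. Use a prepared statement like
    // the SELECT above instead of interpolating values into the SQL string.
    // Both values are bound as strings to mirror the quoted literals the
    // original query used (column types are not visible here).
    $now = time();
    $attempt = $conn->prepare("INSERT INTO login_attempts(idOccupant, time) VALUES (?, ?)");
    if ($attempt !== false) {
        $attempt->bind_param('ss', $user_id, $now);
        $attempt->execute();
        $attempt->close();
    }
    return false;
}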
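<?php
// Emits the current session's role level (set by login()) as the response body.
include 'php/adminloginfunctions.php';

// Guard against an undefined index when no admin is logged in, and HTML-encode
// the value since it is written straight into the response.
$userrole = isset($_SESSION['userrole']) ? $_SESSION['userrole'] : '';
echo htmlspecialchars((string) $userrole, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
?>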