  1. session_start();
  2. // AJAX CALLS THIS LOGIN CODE TO EXECUTE
  3. if(isset($_POST["e"])){
  4.  
  5. // Get user ip address
  6. $ip = preg_replace('#[^0-9.]#', '', getenv('REMOTE_ADDR'));
  7. // Get referer from header
  8. $refer = preg_replace('#[^a-z0-9 -._]#i', '.', getenv('HTTP_REFERER'));
  9. // Set variable for possible logging
  10. $csrf = "";
  11. // Check for login session
  12. if(isset($_SESSION['login']) && isset($_SESSION['login']['tm']) && isset($_SESSION['login']['tk']) && isset($_POST['t'])){
  13. // Sanitize everything now
  14. $sTimestamp = preg_replace('#[^0-9]#', '', $_SESSION['login']['tm']);
  15. $sToken = preg_replace('#[^a-z0-9.-]#i', '', $_SESSION['login']['tk']);
  16. $fToken = preg_replace('#[^a-z0-9.-]#i', '', $_POST['t']);
  17. // Make sure we have values after sanitizing
  18. if($sTimestamp != "" && $sToken != "" && $fToken != ""){
  19. // Check if session and post token match
  20. if($fToken !== $sToken){
  21. $csrf .= "Form token and session token do not match|";
  22. }
  23. // Do 5 minute check
  24. $elapsed = time() - $sTimestamp;
  25. if($elapsed > 300){
  26. $csrf .= "Expired session|";
  27. }
  28. // add more checks here if needed
  29. } else {
  30. $csrf .= "A critical session or form token post was empty after sanitization|";
  31. }
  32. } else {
  33. // Something fishy is going on .. our session is not set
  34. $csrf .= "A critical session or form token post was not set|";
  35. }
  36. // CONNECT TO THE DATABASE
  37. include_once("../php_includes/db_conx.php");
  38.  
  39. // Check our errors here
  40. if($csrf !== ""){
  41. // At least one of our tests above was failed
  42. // Sanitize the e & p posts for logging
  43. $e = mysqli_real_escape_string($db_conx, $_POST['e']);
  44. $p = mysqli_real_escape_string($db_conx, $_POST['p']);
  45. // Time to log this
  46. $sql = "INSERT INTO logging (dt, ip, referer, issues, epost, ppost)
  47. VALUES(now(),'$ip','$refer','$csrf','$e','$p')";
  48. $query = mysqli_query($db_conx, $sql);
  49. mysqli_close($db_conx);
  50. // Unset
  51. if(isset($_SESSION['login'])){
  52. unset($_SESSION['login']);
  53. }
  54. // Throttle back the attack
  55. sleep(3);
  56. // Return generic login_failed and exit script
  57. echo "login_faileds";
  58. exit();
  59. }
  60.  
  61. // GATHER THE POSTED DATA INTO LOCAL VARIABLES AND SANITIZE
  62. $e = mysqli_real_escape_string($db_conx, $_POST['e']);
  63. $p = md5($_POST['p']);
  64. // GET USER IP ADDRESS
  65. //$ip = preg_replace('#[^0-9.]#', '', getenv('REMOTE_ADDR'));
  66. // FORM DATA ERROR HANDLING
  67. if($e == "" || $p == ""){
  68. echo "login_failed";
  69. exit();
  70. } else {
  71. // END FORM DATA ERROR HANDLING
  72. $sql = "SELECT id, username, password FROM users WHERE email='$e' AND activated='1' LIMIT 1";
  73. $query = mysqli_query($db_conx, $sql);
  74. $row = mysqli_fetch_row($query);
  75. $db_id = $row[0];
  76. $db_username = $row[1];
  77. $db_pass_str = $row[2];
  78. if($p != $db_pass_str){
  79. echo "login_failed";
  80. exit();
  81. } else {
  82. // CREATE THEIR SESSIONS AND COOKIES
  83. $_SESSION['userid'] = $db_id;
  84. $_SESSION['username'] = $db_username;
  85. $_SESSION['password'] = $db_pass_str;
  86. setcookie("id", $db_id, strtotime( '+30 days' ), "/", "", "", TRUE);
  87. setcookie("user", $db_username, strtotime( '+30 days' ), "/", "", "", TRUE);
  88. setcookie("pass", $db_pass_str, strtotime( '+30 days' ), "/", "", "", TRUE);
  89. // UPDATE THEIR "IP" AND "LASTLOGIN" FIELDS
  90. $sql = "UPDATE users SET ip='$ip', lastlogin=now() WHERE username='$db_username' LIMIT 1";
  91. $query = mysqli_query($db_conx, $sql);
  92.  
  93. //Unset that login session if they logged in
  94. if(isset($_SESSION['login'])){
  95. unset($_SESSION['login']);
  96. }
  97.  
  98. echo $db_username;
  99. exit();
  100. }
  101. }
  102. exit();
  103. }
  104.  
  105. <?php
  106.  
  107. // If user is already logged in, header that person away
  108. if($user_ok == true){
  109. header("location: user.php?u=".$_SESSION["username"]);
  110. exit();
  111. }
  112. ?><?php
  113.  
  114. $salt = "h89ZzxKYassa40832";
  115. $timestamp = time();
  116. $tk = str_shuffle(md5(uniqid().md5($salt)));
  117. $tk = preg_replace('#[^a-z0-9.-]#i', '', $tk);
  118. $ses_array = array("tm" => $timestamp, "tk" => $tk);
  119. if(!isset($_SESSION['login'])){
  120. $_SESSION['login'] = $ses_array;
  121. } else {
  122. unset($_SESSION['login']);
  123. $_SESSION['login'] = $ses_array;
  124.  
  125.  
  126. ?>
  127. <!DOCTYPE html>
  128. <html>
  129. <head>
  130. <meta charset="UTF-8">
  131. <title>Log In</title>
  132.  
  133. <script src="https://ajax.googleapis.com/ajax/libs/jquery/2.1.4/jquery.min.js"></script>
  134.  
  135. <script src="https://ajax.googleapis.com/ajax/libs/jqueryui/1.11.3/jquery- ui.min.js"></script>
  136. <script src="js/main.js"></script>
  137. <script src="js/ajax.js"></script>
  138.  
  139. <script>
  140. //Get inital timestamp for 5 minute limit
  141. var startTime = new Date().valueOf();
  142.  
// Clear the contents of the element whose id is x (uses the _() helper
// provided by the page's other scripts)
function emptyElement(x) {
    var target = _(x);
    target.innerHTML = "";
}
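// Submit the login form over AJAX and act on the server's plain-text reply:
// "login_failed" / "login_faileds" are shown as errors, anything else is
// taken to be the username and the browser is sent to user.php.
function login(){
    // Make sure time has not expired: the server-side token is only valid
    // for 5 minutes after the page was served
    var postTime = new Date().valueOf();
    var totalTime = Math.ceil((postTime - startTime)/1000);
    // If 5 minutes has passed, make them refresh
    // a few seconds off for page loading time 300-> 295
    if(totalTime > 295){
        _("loginbtn").style.display = "none";
        _("email").style.display = "none";
        _("password").style.display = "none";
        _("status").innerHTML = '<strong style="color:#F00;">You have time out, Please refresh your browser</strong>';
        return false;
    }

    var e = _("email").value;
    var p = _("password").value;
    if(e == "" || p == ""){
        _("status").innerHTML = "Fill out all of the form data";
    } else {
        _("loginbtn").style.display = "none";
        _("status").innerHTML = 'please wait ...';
        var ajax = ajaxObj("POST", "php_parsers/login_parse.php");
        ajax.onreadystatechange = function() {
            if(ajaxReturn(ajax) == true) {
                if(ajax.responseText == "login_failed"){
                    _("status").innerHTML = "Login unsuccessful, please try again.";
                    _("loginbtn").style.display = "block";
                } else if(ajax.responseText == "login_faileds"){
                    _("status").innerHTML = "problem with csrf";
                    _("loginbtn").style.display = "block";
                } else {
                    // Any other reply is treated as the username; encode it so
                    // it cannot alter the query string
                    window.location = "user.php?u=" + encodeURIComponent(ajax.responseText);
                }
            }
        };
        // encodeURIComponent(): a password or email containing '&', '+', '%'
        // or '#' was previously cut or altered in transit and could never
        // match. The token is restricted to [a-z0-9.-] when it is generated,
        // so echoing it into this string literal is safe.
        ajax.send("e=" + encodeURIComponent(e) + "&p=" + encodeURIComponent(p) + "&t=<?php echo $_SESSION['login']['tk']; ?>");
    }
}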
</script>

</head>
<body>


<h3>Log In Here</h3>
<!-- LOGIN FORM: submitted by login() over AJAX, never as a normal POST,
     so onsubmit returns false to keep the browser from navigating -->
<form role="form" id="loginform" onsubmit="return false;">
<div class="form-group">
<label for="email">Email Address:</label>
<input type="text" class="form-control" id="email" onfocus="emptyElement('status')" maxlength="88">
</div>
<div class="form-group">
<label for="password">Password:</label>
<input type="password" class="form-control" id="password" onfocus="emptyElement('status')" maxlength="100">
</div>

<button id="loginbtn" onclick="login()">Log In</button>
<!-- status: login() writes progress and error text here -->
<p id="status"></p>
<a href="forgot.php">Forgot Your Password?</a>
</form>
<!-- LOGIN FORM -->
<!-- NOTE(review): the three </div> below have no opening <div> in this file;
     they presumably close wrappers from an include or were lost in the paste -->
</div>
</div>
</div>

</body>
</html>