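<?php

declare(strict_types=1);

// Yahoo Answers' Question: http://answers.yahoo.com/question/index?qid=20130618122444AAd3LfO
//
// Login page: checks the posted credentials against the `user` table, tells
// the owner of an inactive account where to look (with a masked address),
// and on success stores the user name in the session.
//
// Targets PHP 8: the original used the mysql_* extension (removed in PHP 7.0)
// and `$str{0}` string offsets (removed in PHP 8.0).
//
// NOTE(review): assumes dbConnect.php provides a connected PDO instance in
// $pdo — confirm against that file and rename if it exposes something else.

session_start();

/**
 * Escape a string for insertion into HTML text or attribute context.
 */
function escapeHtml(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

/**
 * Mask the local part of an e-mail address, keeping only its first three
 * characters, so the owner can recognise which address they registered with
 * without the full address being shown to someone who may not be the owner.
 *
 * An address without '@' is returned unchanged instead of triggering an
 * undefined-offset warning on the missing domain part.
 */
function maskEmail(string $email): string
{
    if (!str_contains($email, '@')) {
        return $email;
    }

    [$local, $domain] = explode('@', $email, 2);
    $stars = str_repeat('*', max(0, strlen($local) - 3));

    return substr($local, 0, 3) . $stars . '@' . $domain;
}

/**
 * Look up $username and verify $password against the stored digest.
 *
 * Accepts password_hash() digests and, for rows written by the old code, a
 * plain MD5 digest; a legacy or outdated digest is upgraded in place after a
 * successful verification. Returns the user row (without the password column)
 * on success, null when the user is unknown or the password does not match.
 *
 * @return array{userName:string,active:int|string,email:string}|null
 * @throws PDOException on database errors
 */
function authenticate(PDO $pdo, string $username, string $password): ?array
{
    $stmt = $pdo->prepare(
        'SELECT userName, password, active, email FROM user WHERE userName = :username LIMIT 1'
    );
    $stmt->execute([':username' => $username]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    if ($row === false) {
        return null;
    }

    $stored = (string) $row['password'];
    // The old code hashed addslashes(strip_tags(trim($password))); reproduce
    // that transform so rows it created still verify, and compare in constant time.
    $legacyMatch = hash_equals($stored, md5(addslashes(strip_tags(trim($password)))));
    if (!$legacyMatch && !password_verify($password, $stored)) {
        return null;
    }

    // Move legacy MD5 rows (and hashes made with an older cost/algorithm) forward.
    if ($legacyMatch || password_needs_rehash($stored, PASSWORD_DEFAULT)) {
        $update = $pdo->prepare('UPDATE user SET password = :hash WHERE userName = :username');
        $update->execute([
            ':hash' => password_hash($password, PASSWORD_DEFAULT),
            ':username' => $username,
        ]);
    }

    unset($row['password']);

    return $row;
}

$message = '';

if (isset($_POST['login'])) {
    // Only trim here: the query is parameterised and every value is escaped at
    // echo time, so addslashes()/strip_tags() would only corrupt the input.
    $username = trim((string) ($_POST['username'] ?? ''));
    $password = trim((string) ($_POST['password'] ?? ''));

    if ($username === '' || $password === '') {
        $message .= 'Both Username and Password are required.';
    } else {
        // No reason to waste the connection, unless it is actually needed.
        require_once 'dbConnect.php';

        try {
            $row = authenticate($pdo, $username, $password);

            if ($row === null) {
                // Never tell someone that the username is correct, while the password
                // is incorrect. It simply opens yourself up to brute force attacks.
                $message .= 'Username/Password combo is incorrect. Please try again.';
            } elseif ((int) $row['active'] === 0) {
                $email = escapeHtml(maskEmail((string) $row['email']));
                $message .= "You haven't activated your account, Please check ({$email}) to activate this account.<br />";
            } else {
                // Fresh session id on login so an id obtained before authentication is not kept.
                session_regenerate_id(true);
                // The SELECT names the column userName, so that is the array key
                // (the original read $row['username'], which is never set).
                $_SESSION['username'] = $row['userName'];
                header('Location: login.php'); // This might not be the page you wanted.
                exit;
            }
        } catch (PDOException $e) {
            // Driver details belong in the server log, not in the response body.
            error_log('login.php: ' . $e->getMessage());
            $message .= 'Internal Error: please try again later.<br />';
        }
    }
}

if ($message !== '') {
    $message = '<p style="font-weight: bold;">' . $message . '</p>' . PHP_EOL;
}

if (isset($_SESSION['username'])) {
    echo 'You are logged in, ' . escapeHtml((string) $_SESSION['username']) . ". <a href='logout.php'>Log out</a>";
} else {
    echo '
<div id="login-wrapper" class="png_bg">
    <div id="login-top">
        <img title="Greeny Logo" alt="Greeny Logo" src="images/Logo.png" />
    </div>
    ' . $message . '
    <div id="login-content">
        <form method="post" action="login.php">
            <p>
                <label>Username</label>
                <input class="text-input" type="text" name="username" />
            </p>
            <br style="clear: both;">
            <br />
            <p>
                <label>Password</label>
                <input class="text-input" type="password" name="password" />
            </p>
            <br style="clear: both;">
            <br />
            <p>
                <input class="button" type="submit" value="Sign In" name="login" />
            </p>
        </form>
    </div>
</div>
<div id="dummy"></div>
<div id="dummy2"></div>';
}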