Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- <?php
- ini_set('display_errors', 1);
- ini_set('display_startup_errors', 1);
- error_reporting(E_ALL);
- session_start();
- require_once '../../include/lang/default.php';
- require_once '../../include/config.php';
- require_once '../../include/functions.php';
- echo '
- <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
- <html xmlns="http://www.w3.org/1999/xhtml">
- <head>
- <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
- <title>'.$Header['TitleLogin'].'</title>
- '.$HeaderFiles['Css'].'
- '.$HeaderFiles['Js'].'
- </head>
- <body>
- <div id="container">
- ';
- if(!isset($_SESSION['SessionUser'])){
- $intResetTime= time();
- echo '
- <table>
- <form method="POST">
- <tr>
- <td><a href="">Crime-Riders.dk</a></td>
- </tr>
- <tr>
- <td>Login</td>
- </tr>
- <tr>
- <td><input type="text" name="strUser" placeholder="User"/></td>
- </tr>
- <tr>
- <td><input type="password" name="strPass" placeholder="Pass" /></td>
- </tr>
- <tr>
- <td><input type="submit" name="SubmitLogin" value="Login" /></td>
- </tr>
- <tr>
- <td><a href="register.php">Register?</a></td>
- </tr>
- <tr>
- <td><a href="recover.php">Forgotten Password?</a></td>
- </tr>
- </form>
- </table>
- ';
- }else{
- echo 'You are already logged in.';
- };
- ######## $_POST['SubmitLogin" - Delete me"']
- if(isset($_POST['SubmitLogin - Delete me'])){
- $strUser = mysqli_real_escape_string($db,(filter_var($_POST['strUser'],FILTER_SANITIZE_STRING)));
- $strPass = mysqli_real_escape_string($db,trim($_POST['strPass']));
- $intIP = mysqli_real_escape_string($db,$_SERVER['REMOTE_ADDR']);
- $intDate = date('H:i:s - d-m-Y');
- if(!empty($_POST['strUser']) && !empty($_POST['strPass'])){
- $dbF = $db->query("SELECT * FROM users WHERE strUser = '".$strUser."'") or die (mysqli_error($db));
- $intQ = mysqli_num_rows($dbF);
- if($intQ == true){
- $dbD = $dbF->fetch_object();
- $hashedPassword = $dbD->strPass;
- if(verify($strPass, $hashedPassword)){
- #if($strPass === crypt( $strPass, $strPass)
- #Password Verify successful
- if($dbD->intID && $dbD->strUser == $strUser){
- $strSession = session_id();
- if($dbD->intSession == $strSession){
- $_SESSION['SessionUser'] = $strUser;
- echo '
- <script language="javascript">
- document.location.href="../Home/Profile.php"
- </script>
- ';
- }else{
- echo 'sessions no match.';
- $dbF = $db->query("UPDATE users SET intSession = '".session_id()."' WHERE strUser = '".$strUser."'") or die (mysqli_error($db));
- }else{
- echo 'Failed.';
- };
- }else{
- #Password verify failed.
- echo 'Password verify failed.';
- };
- }else{
- #User cant be found in system.
- echo 'User cant be found in system.';
- };
- }else{
- #You have field(s) empty.
- echo 'You have field(s) empty.';
- };
- };
- echo '
- </div>
- </body>
- </html>
- ';
- ?>
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
