- <?php
- // Functions file:
- // ToDo: IPlocking (W.I.P)
- // ToDo: POST-check + if-statement for $bericht + locationheader (W.I.P)
/**
 * Escape a value so it can be placed inside a quoted string literal in a
 * MySQL query.
 *
 * Thin wrapper around mysql_real_escape_string(), which escapes against the
 * most recently opened mysql_* link because no link identifier is passed here.
 * The result is only safe between quotes ('...'); it does not protect
 * unquoted numbers, identifiers or table names.
 *
 * NOTE(review): the escaping follows the connection character set, which
 * should be set with mysql_set_charset(); no such call is visible in this
 * file — confirm.
 *
 * @param string $data Raw value, typically request input.
 * @return string Escaped value.
 */
function sqlsafe($data) {
    return mysql_real_escape_string($data);
}
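// Open the MySQL connection and select the database.
// $server, $user, $pass, $database and $ledentabel are not defined in this
// file; presumably a config include sets them — confirm.
// "@" keeps connection warnings out of the response; the die() messages are
// deliberately generic.
// NOTE(review): the mysql_* extension was removed in PHP 7.0. Moving to mysqli
// or PDO with prepared statements would replace the sqlsafe() string building.
@mysql_connect($server, $user, $pass) or die ("Can't connect to MySQL database server");
@mysql_select_db($database) or die("Can't find database.");

// Login handler: runs only for a POST that carries a non-empty "login" field.
// !empty() has the same truthiness as the bare index, without the notice when
// the field is absent.
if (($_SERVER['REQUEST_METHOD'] == "POST") && !empty($_POST['login'])) {
    // Accept only string credentials. A missing or array-valued field
    // (username[]=x) is treated as a failed login instead of reaching md5()
    // and sqlsafe().
    $username = (isset($_POST['username']) && is_string($_POST['username'])) ? $_POST['username'] : null;
    $password = (isset($_POST['password']) && is_string($_POST['password'])) ? $_POST['password'] : null;

    $fetch_id = false;
    if ($username !== null && $password !== null) {
        // NOTE(review): passwords are compared as unsalted MD5. Migrating to
        // password_hash()/password_verify() needs a change to the stored
        // hashes, so it is flagged here rather than changed.
        // One lookup replaces the former SELECT * plus SELECT id pair, which
        // ran the same WHERE clause twice.
        $selectleden = mysql_query("SELECT id FROM ".$ledentabel." WHERE username = '".sqlsafe($username)."' AND password = '".sqlsafe(md5($password))."'");
        if ($selectleden) {
            $fetch_id = mysql_fetch_assoc($selectleden);
        }
    }

    if ($fetch_id) {
        // Logged in: create the session token. Prefer a CSPRNG where the
        // runtime has one; every branch yields 32 hex characters, so the
        // `hash` column needs no change.
        if (function_exists('random_bytes')) {
            $hash = bin2hex(random_bytes(16));
        } elseif (function_exists('openssl_random_pseudo_bytes')) {
            $hash = bin2hex(openssl_random_pseudo_bytes(16));
        } else {
            // Original generator; predictable, kept only as a last resort.
            $hash = md5(uniqid(rand(), true));
        }

        // The id comes from the database, but is cast before being put back
        // into SQL so this statement does not depend on the column's contents.
        $insert_session = mysql_query("INSERT INTO sessions (id, userid, hash, logintime) VALUES ('','".(int) $fetch_id['id']."','".$hash."',NOW())");

        if ($insert_session) {
            // The cookie lifetime is supplied by the client; the cast keeps a
            // non-numeric value out of the arithmetic.
            // NOTE(review): checklogin() never looks at logintime, so nothing
            // expires the session on the server side.
            $sessiontime = isset($_POST['sessiontime']) ? (int) $_POST['sessiontime'] : 0;
            $expires = time() + $sessiontime;

            // Path, domain and secure keep their defaults; httponly keeps the
            // session cookies away from page scripts.
            // NOTE(review): set the secure flag to true if the site is served
            // over HTTPS only.
            setcookie("id", $fetch_id['id'], $expires, "", "", false, true);
            setcookie("hash", $hash, $expires, "", "", false, true);
            header('location:menu.php');
            // Stop here so the rest of the request does not run after the redirect.
            exit();
        } else {
            // Keep the database error in the server log, not in the response.
            error_log("Session insert failed: ".mysql_error());
            echo "Fout in de query.";
            exit();
        }
    } else {
        // Wrong credentials
        $bericht = "<b>Je inloggegevens komen niet overeen met wat in de database staan.</b>";
    }
}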
- // here is the function for the login-check
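/**
 * Report whether the request's "id" and "hash" cookies match a row in the
 * `sessions` table.
 *
 * Missing or array-valued cookies return FALSE before any query is built.
 *
 * NOTE(review): the query does not look at logintime, so a session row stays
 * valid for as long as it exists in the table.
 *
 * @return bool TRUE when a matching session row exists, FALSE otherwise.
 */
function checklogin() {
    // No cookies, or id[]=... style arrays: not logged in.
    if (!isset($_COOKIE['id'], $_COOKIE['hash'])
        || !is_string($_COOKIE['id'])
        || !is_string($_COOKIE['hash'])) {
        return FALSE;
    }

    $result = mysql_query("SELECT userid, `hash` FROM `sessions` WHERE `userid` = '".sqlsafe($_COOKIE['id'])."' AND `hash` = '".sqlsafe($_COOKIE['hash'])."'");

    // A failed query returns false; treat it as "not logged in" rather than
    // handing false to mysql_num_rows().
    if (!$result) {
        return FALSE;
    }

    return mysql_num_rows($result) > 0;
}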
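// Load the member row for the current session (e.g. $get_userdata['username'],
// $get_userdata['warnings']). All three variables are false when the request
// has no usable session cookies or no matching session row.
$get_data_qry = false;
$get_data = false;
$get_userdata = false;

// Query only when both cookies are present and are plain strings.
if (isset($_COOKIE['id'], $_COOKIE['hash'])
    && is_string($_COOKIE['id'])
    && is_string($_COOKIE['hash'])) {
    $get_data_qry = mysql_query("SELECT userid, `hash` FROM `sessions` WHERE `userid` = '".sqlsafe($_COOKIE['id'])."' AND `hash` = '".sqlsafe($_COOKIE['hash'])."'");
    if ($get_data_qry) {
        $get_data = mysql_fetch_assoc($get_data_qry);
    }

    if ($get_data) {
        // userid comes from the sessions table; the cast keeps it numeric
        // before it is put back into SQL.
        $get_userdata_qry = mysql_query("SELECT * FROM $ledentabel WHERE id = '".(int) $get_data['userid']."'");
        if ($get_userdata_qry) {
            $get_userdata = mysql_fetch_assoc($get_userdata_qry);
        }
    }
}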
- ?>