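// Login handler: validates the posted credentials, enforces the per-IP lockout
// kept in `blockedip`, and on success fills the session and optionally issues a
// "remember me" cookie before redirecting to the home page.
// $bdd is used here as a PDO-style handle created elsewhere; the code also
// presumably relies on session_start() having run earlier (confirm in the
// including file).
if ($_POST) {
    $rawUsername = isset($_POST['username']) ? $_POST['username'] : '';
    $rawPassword = isset($_POST['password']) ? $_POST['password'] : '';

    // Reject missing, empty and non-string (e.g. username[]=x) fields up front.
    if (is_string($rawUsername) && is_string($rawPassword) && !empty($rawUsername) && !empty($rawPassword)) {
        // NOTE(review): escaping belongs at output time, not before a lookup or
        // a password check. It is kept because stored usernames and hashes may
        // have been created from the escaped form; confirm against the
        // registration code before removing it.
        $username = htmlspecialchars($rawUsername);
        $password = htmlspecialchars($rawPassword);

        // The box is absent from $_POST when unticked, so never read it blindly.
        $checkbox = (isset($_POST['checkbox']) && is_string($_POST['checkbox']))
            ? htmlspecialchars($_POST['checkbox'])
            : '';

        $clientIp = $_SERVER["REMOTE_ADDR"];

        // Load the lockout row once; fetch() returns false when the IP is unknown.
        $checkip = $bdd->prepare("SELECT * FROM blockedip WHERE ip = ?");
        $checkip->execute(array($clientIp));
        $ipRow = $checkip->fetch();

        if ($ipRow && (int) $ipRow['blocked'] === 1) {
            // Checked BEFORE the password is verified: if the block were only
            // applied after a successful verification, a blocked client could
            // keep submitting guesses and the response would reveal which
            // password is correct.
            $error = "Dû aux nombreux essais de connexion, votre ip a été bloquée.";
        } else {
            $requ1 = $bdd->prepare("SELECT * FROM users WHERE username = ?");
            $requ1->execute(array($username));
            $user = $requ1->fetch();

            if (!$user) {
                // NOTE(review): this message and the "not activated" one differ
                // from "Mauvais identifiants", so responses disclose whether a
                // username exists, and these failures are not counted against
                // the IP. Consider one generic message and counting them too.
                $error = "Utilisateur inexistant !";
            } elseif (!$user['valid']) {
                $error = "Votre compte n'a pas encore été activé !";
            } elseif (password_verify($password, $user['password'])) {
                // Successful login: clear the failure counter for this IP.
                if ($ipRow) {
                    $resetattempt = $bdd->prepare("UPDATE blockedip SET attempt = 0 WHERE ip = ?");
                    $resetattempt->execute(array($clientIp));
                }

                // Issue a fresh session id on privilege change so a session id
                // known before login cannot be reused afterwards.
                if (session_status() === PHP_SESSION_ACTIVE) {
                    session_regenerate_id(true);
                }

                // Set in both the "remember me" and the plain case; previously
                // the "remember me" path redirected without filling the session.
                $_SESSION['id'] = $user['id'];
                $_SESSION['username'] = $user['username'];
                $_SESSION['email'] = $user['email'];
                $_SESSION['gender'] = $user['gender'];

                if ($checkbox !== '') {
                    $remember = bin2hex(openssl_random_pseudo_bytes(16));

                    // Attach the token to THIS user's row. An INSERT here would
                    // create an orphan row and leave the token tied to nobody.
                    // NOTE(review): the token is stored as-is; storing only a
                    // hash of it would limit the impact of a database leak, but
                    // requires the code that reads the cookie to change as well.
                    $insertoken = $bdd->prepare("UPDATE users SET remember = ? WHERE id = ?");
                    $insertoken->execute(array($remember, $user['id']));

                    // HttpOnly always; Secure whenever the request came over
                    // HTTPS so the long-lived token is not sent in clear text.
                    $isHttps = !empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] !== 'off';
                    setcookie('remember', $remember, time() + 365*24*3600, '', '', $isHttps, true);
                }

                header("location: ../home/home.php");
                exit();
            } else {
                // Wrong password: record the failure against the client IP.
                if (!$ipRow) {
                    $insertip = $bdd->prepare("INSERT INTO blockedip (ip, attempt, blocked) VALUES (?, 1, 0)");
                    $insertip->execute(array($clientIp));
                    $error = "Mauvais identifiants";
                } elseif ($ipRow['attempt'] >= 10) {
                    $blockedip = $bdd->prepare('UPDATE blockedip SET blocked = 1 WHERE ip = ?');
                    $blockedip->execute(array($clientIp));
                    $error = "Votre ip vient d'être bloquée dû à plusieurs essais de connexion !";
                } else {
                    // Increment in SQL. Passing `$row['attempt']++` as the bound
                    // value writes the OLD count back, so the counter never
                    // grows and the lockout never triggers; doing it in the
                    // statement is also atomic under concurrent requests.
                    $insertattempt = $bdd->prepare("UPDATE blockedip SET attempt = attempt + 1 WHERE ip = ?");
                    $insertattempt->execute(array($clientIp));
                    $error = "Mauvais identifiants";
                }
            }
        }
    } else {
        $error = "Tous les champs doivent être complétés !";
    }
}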