<?phpinclude 'session.inc';include 'account_type.php';$user_email = $_PO

1. <?php
2. include 'session.inc';
3. include 'account_type.php';
4.  
5. $user_email = $_POST['email'];
6. $user_password = $_POST['password'];
7.  
8. if ($user_email && $user_password !== null) {
9.     $approved = auth_user($user_email, $user_password);
10. if (isset($_SESSION['username'])) {
11.     header('Location:http://blog.agwconitsha.org/');
12. }
13. else if (!isset($_SESSION['error'])) {
14.     $_SESSION['username'] = $approved;
15.     foreach(unserialize(file_get_contents('all_users.php')) as $user => $value) {
16.         if ($value == $approved) {
17.             $user->set_last_login();
18.         }
19.     }
20.     header('Location: http://blog.agwconitsha.org/');
21. }
22. }
23.  
24. function auth_user($email, $password){
25.     $mysqli = mysqli_connect("localhost", "root",  "41657", "general_db");
26.     $query = "SELECT username, password FROM users WHERE email=$email";
27.     if (mysqli_connect_errno()) {
28.         die("Did not authenticate user because" . mysqli_connect_error());
29.     }
30.     else {
31.     if ($registered = mysqli_query($mysqli, $query)) {
32.     if (mysqli_num_rows($registered) == 0 || (!password_verify($password, mysqli_fetch_assoc($registered)['password']))) {
33.         return $_SESSION['error'] = 'incorrect email or password';
34.     }
35.     else {
36.         while ($row = mysqli_fetch_assoc($registered)){
37.         return $row['username'];
38.         };
39.     }
40.     mysqli_close($registered);
41.     }
42.     }
43. }
44. ?>