- <?
- ** -=LOGIN.PHP=- **
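/*
 * Login form. Posts "user" and "pass" (plus the hidden "remember" and
 * "sublogin" markers) to process.php. $form supplies the error count, the
 * per-field error messages and the previously submitted values.
 *
 * The password field is deliberately not re-filled after a failed attempt:
 * echoing it back would put the plaintext password into the page source.
 *
 * NOTE(review): $form->value() and $form->error() are written into the HTML
 * without escaping at this point. The Form class is not shown here - confirm
 * that it HTML-escapes what it returns, because the values originate from
 * the submitted POST data.
 * NOTE(review): "remember" is a hidden field, so every login requests the
 * persistent cookies and the user cannot opt out on a shared machine.
 */
if($form->num_errors > 0){
    echo "<font size=\"2\" color=\"#ff0000\">".$form->num_errors." error(s) found</font>";
}
?>
<form action="process.php" method="POST">
<table align="center" border="0" cellspacing="0" cellpadding="3">
<tr><td>Username:</td><td><input type="text" name="user" maxlength="30" value="<? echo $form->value("user"); ?>"></td></tr>
<tr><td colspan="2" align="right"><? echo $form->error("user"); ?></td></tr>
<tr><td>Password:</td><td><input type="password" name="pass" maxlength="30"></td></tr>
<tr><td colspan="2" align="right"><? echo $form->error("pass"); ?></td></tr>
<tr><td colspan="2" align="right">
<input type="hidden" name="remember" checked>
<input type="hidden" name="sublogin" value="1">
<input type="submit" value="Login"></td><td></td></tr>
<tr><td colspan="2" align="center"><font size="2">[ <a href="forgotpass.php">Forgot Password</a> ] - [
<a href="register.php"> Register </a>]</font></td><td></td></tr>
</table>
</form>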
- ** -=PROCESS.PHP-= **
/* Dispatch: the login form marks its submission with the hidden "sublogin" field */
$loginSubmitted = isset($_POST['sublogin']);
if($loginSubmitted){
    $this->procLogin();
}
- ...
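/**
 * Handles a login form submission: attempts the login, rejects banned
 * accounts, and redirects either to the ban page or back to the referrer.
 *
 * Relies on the global $session, $form and $database objects.
 * Note that header() does not stop execution; whatever follows the call to
 * procLogin() still runs after the redirect header has been queued.
 */
function procLogin(){
    global $session, $form, $database;

    /* Missing or non-string fields (e.g. an array parameter) count as empty input */
    $postuser = (isset($_POST['user']) && is_string($_POST['user'])) ? $_POST['user'] : '';
    $postpass = (isset($_POST['pass']) && is_string($_POST['pass'])) ? $_POST['pass'] : '';

    /* Login attempt */
    $retval = $session->login($postuser, $postpass, isset($_POST['remember']));

    /*
     * login() trims the username before authenticating it, so the ban lookup
     * has to use the same normalised name; otherwise padded input could be
     * logged in under one name and ban-checked under another.
     */
    $subuser = stripslashes(trim($postuser));

    if($database->usernameBanned($subuser)){
        /* The login above may already have succeeded, so undo it */
        $retval = $session->logout();
        header("Location: banned.php");
    }
    /* Login Successful */
    elseif($retval){
        /*
         * NOTE(review): where $session->referrer is set is not shown. If it is
         * taken from the request (for example the Referer header), restrict it
         * to local paths before using it as a redirect target.
         */
        header("Location: ".$session->referrer);
    }
    else{
        /* Keep the submitted values for re-display, but never the password */
        $values = $_POST;
        $values['pass'] = '';
        $_SESSION['value_array'] = $values;
        $_SESSION['error_array'] = $form->getErrorArray();
        header("Location: ".$session->referrer);
    }
}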
- ** -=SESSION.PHP=- **
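/**
 * Validates the submitted credentials and, on success, registers the user in
 * the session, in the active-users table and (optionally) in the remember-me
 * cookies.
 *
 * @param string $subuser     Submitted username
 * @param string $subpass     Submitted password
 * @param bool   $subremember Whether to set the remember-me cookies
 * @return bool true on success; false when input validation or the credential
 *              check fails (the reasons are recorded on the global $form)
 */
function login($subuser, $subpass, $subremember){
    global $database, $form;  //The database and form object

    /* Username error checking */
    $field = "user";  //Use field name for username
    if(!$subuser || strlen($subuser = trim($subuser)) == 0){
        $form->setError($field, "* Username not entered");
    }
    /*
     * eregi() was removed in PHP 7; preg_match() with /i is the replacement.
     * \z anchors at the true end of the string (a bare $ would also accept a
     * trailing newline).
     */
    else if(!preg_match('/^[0-9a-z]*\z/i', $subuser)){
        $form->setError($field, "* Username not alphanumeric");
    }

    /* Password error checking */
    $field = "pass";  //Use field name for password
    if(!$subpass){
        $form->setError($field, "* Password not entered");
    }

    /* Return if form errors exist */
    if($form->num_errors > 0){
        return false;
    }

    /* Checks that username is in database and password is correct */
    $subuser = stripslashes($subuser);
    /*
     * NOTE(review): passwords are matched as unsalted MD5 digests, which are
     * cheap to brute-force if the users table leaks. Moving to
     * password_hash()/password_verify() requires migrating the stored
     * digests, so it is flagged here rather than changed.
     */
    $result = $database->confirmUserPass($subuser, md5($subpass));

    /*
     * Check error codes.
     * NOTE(review): separate messages for "unknown user" and "wrong password"
     * let a client learn which usernames exist; consider one generic message.
     */
    if($result == 1){
        $field = "user";
        $form->setError($field, "* Username not found");
    }
    else if($result == 2){
        $field = "pass";
        $form->setError($field, "* Invalid password");
    }

    /* Return if form errors exist */
    if($form->num_errors > 0){
        return false;
    }

    /*
     * Username and password correct, register session variables.
     * NOTE(review): the session id is not regenerated here. If the session is
     * started before authentication (not shown), call
     * session_regenerate_id(true) at this point to prevent session fixation.
     */
    $this->userinfo  = $database->getUserInfo($subuser);
    $this->username  = $_SESSION['username'] = $this->userinfo['username'];
    $this->userid    = $_SESSION['userid']   = $this->generateRandID();
    $this->userlevel = $this->userinfo['userlevel'];

    /* Insert userid into database and update active users table */
    $database->updateUserField($this->username, "userid", $this->userid);
    $database->addActiveUser($this->username, $this->time);
    $database->removeActiveGuest($_SERVER['REMOTE_ADDR']);

    if($subremember){
        /*
         * NOTE(review): both cookies are set without the HttpOnly and Secure
         * flags. cookid carries the per-login id stored in the database, so
         * it should not be readable by scripts or sent over plain HTTP.
         */
        setcookie("cookname", $this->username, time()+COOKIE_EXPIRE, COOKIE_PATH);
        setcookie("cookid",   $this->userid,   time()+COOKIE_EXPIRE, COOKIE_PATH);
    }

    /*
     * Purge expired bans with one statement that compares each row's own
     * column value. Previously the DELETE was built inside a loop that
     * returned on its first pass: the condition was a constant taken from the
     * first row (removing every ban or none), and with an empty ban table the
     * function ended without returning true for a successful login.
     * NOTE(review): assumes banduration holds the ban's expiry as a Unix
     * timestamp, as the original comparison with time() implies - confirm
     * against the schema.
     */
    $q = "DELETE FROM ".TBL_BANNED_USERS." WHERE banduration < ".time();
    $database->query($q);

    return true;
}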
- ** -=DATABASE.PHP=- **
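/**
 * Checks a username / password-digest pair against the users table.
 *
 * @param string $username Username, unescaped (login() strips slashes first)
 * @param string $password Digest to compare with the stored value; login()
 *                         passes md5() of the submitted password
 * @return int 0 on success, 1 when the username is not found or the query
 *             fails, 2 when the password does not match
 */
function confirmUserPass($username, $password){
    /*
     * Escape unconditionally and with the connection-aware function.
     * The previous code skipped escaping whenever magic quotes were enabled,
     * although the visible caller has already removed those slashes, and
     * addslashes() does not take the connection character set into account.
     * Callers must therefore pass the raw, unslashed username.
     */
    $username = mysql_real_escape_string($username, $this->connection);

    /* Verify that user is in database */
    $q = "SELECT password FROM ".TBL_USERS." WHERE username = '$username'";
    $result = mysql_query($q, $this->connection);
    if(!$result || (mysql_numrows($result) < 1)){
        return 1; //Indicates username failure
    }

    /* Retrieve password from result, strip slashes */
    $dbarray = mysql_fetch_array($result);
    $dbarray['password'] = stripslashes($dbarray['password']);
    $password = stripslashes($password);

    /*
     * Validate that password is correct. The comparison is strict: with ==,
     * two different digests that both look like numbers are compared
     * numerically and can be treated as equal. hash_equals() (PHP >= 5.6) is
     * the constant-time alternative where it is available.
     */
    if((string)$password === (string)$dbarray['password']){
        return 0; //Success! Username and password confirmed
    }
    else{
        return 2; //Indicates password failure
    }
}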
- ?>