- <?php
- require_once('includes/database.php');
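/**
 * Check a username/password pair and, on success, mark the session as logged in.
 *
 * Return codes (unchanged for callers):
 *   1  credentials accepted; session populated and the failed-attempt log cleared
 *   2  login rejected, fewer than 3 failed attempts recorded in the last hour
 *   3  login rejected, 3 or more failed attempts recorded in the last hour
 *   4  as 3, and a CAPTCHA answer was supplied but did not match
 *
 * Once 3 or more failed attempts are on record, a login without a CAPTCHA
 * answer is rejected with code 3 even when the password is right. Previously
 * an empty answer counted as a pass, so leaving the field out of the request
 * skipped the challenge entirely.
 *
 * @param string $username login name as submitted
 * @param string $password password as submitted
 * @param string $captcha  CAPTCHA answer as submitted, "" when the form had none
 * @return int one of the codes listed above
 */
function authenticate($username="", $password="", $captcha="") {
    global $database;

    // NOTE(review): the helpers called below receive the already-escaped name.
    // Escaping should happen exactly once, at the query that uses the value;
    // prepared statements would remove the question altogether.
    $username = $database->escape_value($username);
    $password = $database->escape_value($password);

    // Decide up front whether the CAPTCHA is mandatory for this request.
    $locked = check_login_attempts($username) >= 3;

    $captcha_given = ($captcha != "");
    $cstatus = $captcha_given ? check_captcha($captcha) : true;
    $captcha_missing = $locked && !$captcha_given;

    // NOTE(review): the submitted password is compared with the stored column
    // inside SQL, which suggests passwords are stored as submitted (or hashed
    // by the caller - cannot tell from here). Prefer storing password_hash()
    // output, selecting the row by username and checking with password_verify().
    $sql  = "SELECT * FROM users ";
    $sql .= "WHERE username = '{$username}' ";
    $sql .= "AND password = '{$password}' ";
    $sql .= "LIMIT 1";
    $result_array = find_by_sql($sql);
    $row = $database->fetch_array($result_array);

    if (!empty($row) && $cstatus && !$captcha_missing) {
        // Issue a fresh session id at the privilege change so an id planted
        // before login (session fixation) does not become an authenticated one.
        if (session_status() === PHP_SESSION_ACTIVE && !headers_sent()) {
            session_regenerate_id(true);
        }
        $_SESSION['user_id'] = $row['uID'];
        $_SESSION['logged_in'] = true;
        clear_badattempt($username);
        return 1;
    }

    // Every rejected login is recorded, whatever the reason for rejecting it.
    update_badattempt($username);
    if (!$locked) {
        return 2;
    }
    return $cstatus ? 3 : 4;
}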
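/**
 * Compare a submitted CAPTCHA answer with the code stored in the session.
 *
 * The stored code is consumed by the check, pass or fail, so one solved
 * challenge cannot be replayed for further login attempts. A missing or empty
 * stored code never matches (with the loose == used before, an empty answer
 * matched an unset code).
 *
 * @param string $captcha answer as submitted by the client
 * @return bool true only when a code is stored and the answer equals it exactly
 */
function check_captcha($captcha){
    if (!isset($_SESSION["CaptchaCode"])) {
        return false;
    }
    $expected = (string) $_SESSION["CaptchaCode"];
    // Single use: the page has to issue a new challenge for the next attempt.
    unset($_SESSION["CaptchaCode"]);

    if ($expected === "" || !is_scalar($captcha)) {
        return false;
    }
    // Byte-wise, constant-time comparison; no numeric-string juggling.
    return hash_equals($expected, (string) $captcha);
}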
/**
 * Fetch rows from regdata, optionally restricted by a first-name pattern.
 *
 * @param string $fname pattern matched against FName with LIKE; "" returns every row
 * @return mixed whatever $database->fetch_all() yields for the result set
 */
function get_data($fname=""){
    global $database;

    // NOTE(review): % and _ in $fname still act as LIKE wildcards unless
    // escape_value() neutralises them - confirm that is intended.
    $pattern = $database->escape_value($fname);

    $where = "";
    if ($pattern != "") {
        $where = "WHERE FName like '" . $pattern . "' ";
    }

    $rows = find_by_sql("SELECT * FROM regdata " . $where);
    return $database->fetch_all($rows);
}
- // Database Methods
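/**
 * Record one failed login attempt for a username together with the client address.
 *
 * Both values are escaped here, at the point where the statement is built, so
 * the insert is safe whatever the caller passed in. The stray debug echo of
 * the username was removed: it wrote request data into the page without HTML
 * encoding and produced output before any headers the caller still had to send.
 *
 * @param string $username login name the attempt was made for
 * @return bool true when the insert succeeded
 */
function update_badattempt($username=""){
    global $database;

    $name = $database->escape_value($username);
    // REMOTE_ADDR is the peer address as seen by the web server; it is absent under CLI.
    $ip = isset($_SERVER['REMOTE_ADDR']) ? $_SERVER['REMOTE_ADDR'] : '';
    $ip = $database->escape_value($ip);

    $sql  = "INSERT INTO login_attempt ( ";
    $sql .= "username, ip";
    $sql .= ") VALUES ('";
    $sql .= $name . "', '";
    $sql .= $ip . "' )";

    return $database->query($sql) ? true : false;
}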
/**
 * Count the failed login attempts recorded for a username during the last hour.
 *
 * Only username and timestamp are filtered on; the stored ip column is not
 * consulted, so the count is per account regardless of source address.
 *
 * @param string $username login name to look up
 * @return mixed row count as reported by $database->num_rows()
 */
function check_login_attempts($username=""){
    global $database;

    $name = $database->escape_value($username);
    // Lower bound of the window: now minus 3600 seconds, in the server's date() timezone.
    $since = date('Y-m-d H:i:s', time() - 3600);

    $sql = "SELECT * FROM login_attempt "
         . "WHERE username = '" . $name . "' and timestemp > '" . $since . "'";

    return $database->num_rows($database->query($sql));
}
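/**
 * Delete every recorded failed login attempt for a username.
 *
 * The name is escaped here, where the statement is built, so the DELETE cannot
 * be widened by quote characters in the argument.
 *
 * @param string $username login name whose attempts are removed
 * @return bool true when the delete statement succeeded
 */
function clear_badattempt($username=""){
    global $database;

    $name = $database->escape_value($username);

    $sql  = "DELETE FROM login_attempt ";
    $sql .= "WHERE username = '" . $name . "'";

    return $database->query($sql) ? true : false;
}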
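// Find the second largest number in $A and its position in the array.
// $b receives the value and $c the 1-based position of its first occurrence;
// both stay null while $A holds fewer than two distinct values.
// The previous version did not parse ("{$c=$i}" lacked a semicolon), which
// made the whole file, login functions included, fail to load.
$A = array();
$b = null;
$c = null;
$i = 0;

$ranked = array_values(array_unique($A));
rsort($ranked);

if (count($ranked) >= 2) {
    $b = $ranked[1];
    foreach ($A as $value) {
        $i++;
        if ($value == $b) {
            $c = $i;
            break;
        }
    }
}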
/**
 * Run a SQL statement and hand back the driver's result unchanged.
 *
 * The statement is executed verbatim: nothing is escaped or validated here,
 * so every value interpolated into $sql must be escaped by the caller.
 *
 * @param string $sql complete SQL statement
 * @return mixed whatever $database->query() returns
 */
function find_by_sql($sql="") {
    global $database;

    return $database->query($sql);
}
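/**
 * Insert one row into a table from an associative array of column => value.
 *
 * Values go through $database->escape_array(). Table and column names cannot
 * be escaped that way, so they are checked against a plain identifier pattern
 * and the insert is refused when any of them fails the check. This matters
 * when $data is built from request input, where the array keys are as
 * client-controlled as the values.
 *
 * @param string $table table name, optionally qualified as schema.table
 * @param array  $data  column name => value
 * @return bool true when the row was inserted; false on an invalid name,
 *              empty $data, or a failed query
 */
function DBinsert($table, $data) {
    global $database;

    $identifier = '[A-Za-z_][A-Za-z0-9_]*';

    if (!is_string($table) || !preg_match('/^' . $identifier . '(\.' . $identifier . ')?$/', $table)) {
        return false;
    }
    if (!is_array($data) || count($data) === 0) {
        return false;
    }
    foreach (array_keys($data) as $column) {
        if (!is_string($column) || !preg_match('/^' . $identifier . '$/', $column)) {
            return false;
        }
    }

    // array keys become the column list
    $columns = implode(", ", array_keys($data));
    // escape the values, then quote each one in the VALUES list
    $escaped_values = $database->escape_array($data);
    $values = implode("', '", $escaped_values);

    $sql = "INSERT INTO " . $table . " ($columns) VALUES ('$values')";

    return $database->query($sql) ? true : false;
}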
- ?>