Logged In user switching to another user in PHP session
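<?php
// This is the login page for the site.
//
// Flow: a visitor who already has user_id in the session is sent to index.php.
// Otherwise, on a POST carrying a "submitted" field, the login (e-mail or
// username) and password are length-checked, the stored salted SHA-512 hash is
// looked up and compared in constant time, the session id is regenerated, the
// matching user row is stored in $_SESSION and the browser is redirected to
// BASE_URL . 'home/'. Every failure path prints the same literal 'Error' so the
// response does not reveal which check failed.
//
// NOTE(review): $_SESSION is read below without a session_start() in this file;
// presumably config.inc.php starts the session — confirm.
// NOTE(review): the hashing scheme (sha512 of password . salt) is kept because
// changing it requires re-hashing stored rows; password_hash()/password_verify()
// would be the usual replacement.
require_once ('../includes/config.inc.php');
// Set the page title and include the HTML header.
$page_title = 'Page Title';
include ('../includes/header.php');
// NOTE(review): this connection is never used (every query below goes through
// $dbc from the MYSQL include) and carries literal credentials — consider removing.
$mysqli = mysqli_connect("localhost", "some", "some", "some");
// Already logged in: nothing to do on this page.
if (isset($_SESSION['user_id'])) {
    $url = BASE_URL . 'index.php'; // Define the URL.
    header("Location: $url");
    exit(); // Quit the script.
}
//HTML Purifier
require '../htmlpurifier/library/HTMLPurifier.auto.php';
//End HTML Purifier
if (isset($_POST['submitted'])) { // start of submit conditional.
    require_once (MYSQL); // provides $dbc

    // Validate the username or email address. Only presence and length are
    // checked here; the value is bound as a prepared-statement parameter
    // further down, so no SQL escaping is applied to it.
    $e = FALSE;
    if (!empty($_POST['login']) && strlen($_POST['login']) <= 255) {
        // NOTE(review): $purifier is not created anywhere in this file — confirm
        // that config.inc.php (or the HTMLPurifier setup) defines it.
        $e = $purifier->purify(strip_tags($_POST['login']));
    } else {
        echo 'Error';
    }

    // Validate the password. The raw value is only ever hashed, never echoed
    // or interpolated, so it is neither escaped nor altered.
    $p = FALSE;
    if (!empty($_POST['pass']) && strlen($_POST['pass']) <= 255) {
        $p = $_POST['pass'];
    } else {
        echo 'Error';
    }

    $user_pass = FALSE;
    $password = '';
    $salt = '';
    $sha512 = '';
    if ($e !== FALSE && $p !== FALSE) { // check pass
        // Fetch the stored hash and salt for this e-mail or username.
        $pass_salt = "SELECT users.password, users.salt FROM users JOIN contact_info ON contact_info.user_id = users.user_id WHERE (contact_info.email = ? OR users.username = ?) AND users.active IS NULL";
        $ph = mysqli_prepare($dbc, $pass_salt) or trigger_error("Query: $pass_salt\n<br />MySQL Error: " . mysqli_error($dbc));
        mysqli_stmt_bind_param($ph, 'ss', $e, $e);
        mysqli_stmt_execute($ph) or trigger_error("Query: $pass_salt\n<br />MySQL Error: " . mysqli_stmt_error($ph));
        $res = mysqli_stmt_get_result($ph); // needs mysqlnd
        // As before, if more than one row matches (login equals one account's
        // e-mail and another's username) the last row wins.
        while ($row = mysqli_fetch_array($res)) {
            $password = (string) $row['password'];
            $salt = (string) $row['salt'];
        }
        mysqli_free_result($res);
        mysqli_stmt_close($ph);
        if (!empty($salt)) {
            $sha512 = hash('sha512', $p . $salt);
        }
        // Compare the hashes themselves, in constant time. The previous
        // "!empty($password) == !empty($sha512)" compared two booleans and was
        // true for every existing account regardless of the password supplied.
        $user_pass = $password !== '' && $sha512 !== '' && hash_equals($password, $sha512);
    }
    if ($user_pass && !empty($salt)) { // If everything's OK.
        $q = "SELECT users.user_id, users.first_name, users.user_level FROM users JOIN contact_info ON contact_info.user_id = users.user_id WHERE (contact_info.email = ? OR users.username = ?) AND users.password = ? AND users.active IS NULL";
        $stmt = mysqli_prepare($dbc, $q) or trigger_error("Query: $q\n<br />MySQL Error: " . mysqli_error($dbc));
        mysqli_stmt_bind_param($stmt, 'sss', $e, $e, $sha512);
        mysqli_stmt_execute($stmt) or trigger_error("Query: $q\n<br />MySQL Error: " . mysqli_stmt_error($stmt));
        $r = mysqli_stmt_get_result($stmt);
        if ($r !== false && mysqli_num_rows($r) == 1) {
            // Register the values & redirect. The session id is replaced first so
            // the id the browser held before authenticating does not become the
            // id of the logged-in session.
            session_regenerate_id(true);
            // This replaces every existing session value with the user row;
            // anything stored in the session before login is discarded.
            $_SESSION = mysqli_fetch_array($r, MYSQLI_ASSOC);
            mysqli_free_result($r);
            mysqli_stmt_close($stmt);
            // check if user is logged in then update the old login date
            $u = "UPDATE users JOIN contact_info ON contact_info.user_id = users.user_id SET users.last_login = NOW(), users.deletion = 0, users.deletion_date = NULL WHERE (contact_info.email = ? OR users.username = ?) AND users.password = ? AND users.active IS NULL";
            // save the info to the database
            $upd = mysqli_prepare($dbc, $u) or trigger_error("Query: $u\n<br />MySQL Error: " . mysqli_error($dbc));
            mysqli_stmt_bind_param($upd, 'sss', $e, $e, $sha512);
            mysqli_stmt_execute($upd); // an UPDATE has no result set to free
            mysqli_stmt_close($upd);
            mysqli_close($dbc);
            $url = BASE_URL . 'home/'; // Define the URL:
            header("Location: $url");
            exit(); // Quit the script.
        } else { // No match was made.
            echo 'Error';
        }
    } else { // If everything wasn't OK.
        echo 'Error';
    }
    mysqli_close($dbc);
}
?>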
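<?php
// This is the logout page for the site.
//
// Visitors without user_id in the session are redirected to index.php.
// Otherwise the session data, the server-side session and the session cookie
// are removed, a "Refresh" header sends the browser to BASE_URL after 3 seconds,
// and the normal page header/footer are rendered in the meantime.
ob_start(); // Start output buffering so headers can still be sent after include output.
session_start(); // Initialize a session.
require_once ('../includes/config.inc.php');
$page_title = 'Title';
// If no user_id session variable exists, redirect the user:
if (!isset($_SESSION['user_id'])) {
    $url = BASE_URL . 'index.php'; // Define the URL.
    ob_end_clean(); // Delete the buffer.
    header("Location: $url");
    exit(); // Quit the script.
}
// Log out the user.
$_SESSION = array(); // Destroy the variables.
session_destroy(); // Destroy the session itself.
// Expire the session cookie with the same path/domain/secure/httponly it was
// set with; a deleting cookie only replaces the original when these match.
// (Previously the path was hard-coded to '/' and the other attributes omitted.)
$cookie = session_get_cookie_params();
setcookie(
    session_name(),
    '',
    time() - 2592000,
    $cookie['path'],
    $cookie['domain'],
    $cookie['secure'],
    $cookie['httponly']
);
$url = BASE_URL;
ob_end_clean();
header("Refresh: 3; $url");
include ('../includes/header.php');
// NOTE(review): this connection is never used on this page and carries
// literal credentials — consider removing.
$mysqli = mysqli_connect("localhost", "some", "some", "some");
include ('../includes/footer.php');
exit(); // Quit the script.
?>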
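<?php
// Preamble of a members-only page: start buffering and the session, render the
// header, load configuration and the database connection, then redirect any
// visitor who has no user_id in the session. (Opening tag added: without it
// these lines are emitted as literal text rather than executed.)
ob_start(); // Start output buffering.
session_start(); // Initialize a session.
// Set the page title and include the HTML header.
$page_title = 'Title';
include ('../includes/header.php');
// Include the configuration file for error management and such.
// NOTE(review): header.php is included before config.inc.php; the order is kept
// as written because header.php's dependencies are not visible here.
require_once ('../includes/config.inc.php');
require_once ('../mysqli_connect.php'); // Connect to the db.
// NOTE(review): a second connection with literal credentials that nothing below
// uses — the include above is already commented as the db connection.
$mysqli = mysqli_connect("localhost", "some", "some", "some");
// If no user_id session variable exists, redirect the user:
if (!isset($_SESSION['user_id'])) {
    $url = BASE_URL . 'index.php'; // Define the URL.
    ob_end_clean(); // Delete the buffer.
    header("Location: $url");
    exit(); // Quit the script.
}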
- ...WHERE
- (contact_info.email = '" . $e . "' OR users.username = '" . $e . "')
- AND
- users.password = '" . $sha512 . "'
- AND
- users.active IS NULL"