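// Login handler: throttles repeated failures per IP, validates the posted
// credentials, checks them against `users` (and `bans`), records the attempt
// in `loginlogs`, and populates the session on success.
// $type, $odb, $ip, error() and success() are defined outside this fragment;
// $odb is used here as a PDO-style handle (prepare/execute/fetchColumn).
// NOTE(review): if $ip is taken from a client-supplied header rather than the
// socket address, the per-IP throttle below can be sidestepped. Confirm.
if ($type == 'login')
{
    // NOTE(review): looks like leftover debug output. Kept so the response body
    // is unchanged for any client that parses it. Confirm and remove.
    echo 's';

    // Accept only string values: an array (username[]=...) would otherwise
    // reach strlen()/md5() below and raise a type error instead of a clean rejection.
    $username = (isset($_POST['username']) && is_string($_POST['username'])) ? $_POST['username'] : '';
    $password = (isset($_POST['password']) && is_string($_POST['password'])) ? $_POST['password'] : '';

    // Count failed attempts from this IP during the last hour. $ip is bound as a
    // parameter instead of being interpolated into the SQL text, and the window
    // is computed by the database so it uses the same clock that wrote the rows.
    // NOTE(review): INTERVAL/TIMESTAMPDIFF assume MySQL/MariaDB and a
    // DATETIME/TIMESTAMP `date` column (rows are written with CURRENT_TIMESTAMP). Confirm.
    $SQLAttempts = $odb -> prepare("SELECT COUNT(*) FROM `loginlogs` WHERE `ip` = :ip AND `username` LIKE '%failed' AND `date` >= (CURRENT_TIMESTAMP - INTERVAL 1 HOUR)");
    $SQLAttempts -> execute(array(':ip' => $ip));
    $attempts = $SQLAttempts -> fetchColumn(0);
    if ($attempts > 2) {
        // Seconds until one hour has passed since the most recent failed attempt, never negative.
        $SQLWait = $odb -> prepare("SELECT TIMESTAMPDIFF(SECOND, CURRENT_TIMESTAMP, MAX(`date`) + INTERVAL 1 HOUR) FROM `loginlogs` WHERE `ip` = :ip AND `username` LIKE '%failed'");
        $SQLWait -> execute(array(':ip' => $ip));
        $waittime = max(0, (int) $SQLWait -> fetchColumn(0));
        die(error('Too many failed attempts. Please wait '.$waittime.' seconds and try again.'));
    }

    //Check fields
    if (empty($username) || empty($password) || !ctype_alnum($username) || strlen($username) < 4 || strlen($username) > 15)
    {
        die(error('Please fill in all fields.'));
    }

    //Check login details
    // NOTE(review): SHA1(md5()) is an unsalted, fast digest, so a leaked `users`
    // table is cheap to crack offline. Moving to password_hash()/password_verify()
    // needs a stored-hash migration (and a wider `password` column), so it is
    // flagged here rather than changed in this block.
    $SQLCheckLogin = $odb -> prepare("SELECT COUNT(*) FROM `users` WHERE `username` = :username AND `password` = :password");
    $SQLCheckLogin -> execute(array(':username' => $username, ':password' => SHA1(md5($password))));
    $countLogin = $SQLCheckLogin -> fetchColumn(0);
    if (!($countLogin == 1))
    {
        // The throttle above only counts rows whose username ends in 'failed', so
        // the failure row has to carry that suffix or the limit never triggers.
        // NOTE(review): confirm the `username` column is wide enough (15 + 7
        // characters) and that any log viewer expects this marker.
        $SQL = $odb -> prepare("INSERT INTO `loginlogs` VALUES(:username, :ip, CURRENT_TIMESTAMP, 'XX')");
        $SQL -> execute(array(':username' => $username.' failed', ':ip' => $ip));
        die(error('Username or password are invalid.'));
    }

    //Check if the user is banned
    $SQL = $odb -> prepare("SELECT `status` FROM `users` WHERE `username` = :username");
    $SQL -> execute(array(':username' => $username));
    $status = $SQL -> fetchColumn(0);
    if ($status == 1)
    {
        // Bound parameter, consistent with every other lookup by username in this block.
        $SQLBan = $odb -> prepare("SELECT `reason` FROM `bans` WHERE `username` = :username");
        $SQLBan -> execute(array(':username' => $username));
        $ban = $SQLBan -> fetchColumn(0);
        die(error('You are banned. Reason: '.htmlspecialchars($ban)));
    }

    //Insert login log and log in
    $SQL = $odb -> prepare("SELECT * FROM `users` WHERE `username` = :username");
    $SQL -> execute(array(':username' => $username));
    $userInfo = $SQL -> fetch();

    // Best-effort country lookup. A failed request or an unexpected response
    // falls back to 'XX' instead of dereferencing a non-object.
    // NOTE(review): this sends the visitor's IP to a third party over plain HTTP
    // on every successful login, and the reply is untrusted input.
    $ipcountry = 'XX';
    $geoContext = stream_context_create(array('http' => array('timeout' => 3))); // do not let a slow lookup stall the login
    $geoResponse = file_get_contents("http://www.geoplugin.net/json.gp?ip=".urlencode($ip), false, $geoContext);
    if ($geoResponse !== false) {
        $geoData = json_decode($geoResponse);
        if (is_object($geoData) && isset($geoData -> geoplugin_countryName) && is_string($geoData -> geoplugin_countryName) && $geoData -> geoplugin_countryName !== '') {
            $ipcountry = $geoData -> geoplugin_countryName;
        }
    }
    $SQL = $odb -> prepare('INSERT INTO `loginlogs` VALUES(:username, :ip, CURRENT_TIMESTAMP, :ipcountry)');
    $SQL -> execute(array(':ip' => $ip, ':username' => $username, ':ipcountry' => $ipcountry));

    // Issue a fresh session id at the privilege change so an id fixed before
    // login is not carried into the authenticated session. This is skipped once
    // headers are out, which the early echo above causes when output buffering is off.
    if (session_status() === PHP_SESSION_ACTIVE && !headers_sent()) {
        session_regenerate_id(true);
    }
    $_SESSION['username'] = $userInfo['username'];
    $_SESSION['ID'] = $userInfo['ID'];
    echo success(' Login Successful. Redirecting...<meta http-equiv="refresh" content="3;URL=index.php">');
}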