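<?php
//login-handler Script Copyright (C) 2017. All Rights Reserved.
//
// Handles the POST from the login form: looks the account up by username,
// verifies the submitted password, applies the ban and double-login checks,
// and either populates $_SESSION or destroys the session and prints an error.
//
// Changes from the previous revision:
//  - The nested `!==` checks were inverted, so a row that matched both the
//    username and the password always fell through to the "wrong username or
//    password" branch; a login could never succeed.
//  - mysql_connect() was given the database name as its 4th argument (which is
//    the new_link flag), so no database was ever selected. The mysql_*
//    extension is also removed in PHP 7+. PDO with a prepared statement is
//    used instead.
//  - The password is no longer placed in the SQL text; the row is fetched by
//    username and the password is compared in PHP in constant time.
//  - The session id is regenerated on successful login (session fixation).
//  - Fixed the broken href quote and the "lease" typo in the last error page.

//Server Side includes.
include_once(__DIR__.'/functions.php');
// Start PHP session.
session_start();
//Get User IP.
addrlookup();
// NOTE(review): nothing in this file limits repeated login attempts; confirm
// that throttling/lockout is enforced elsewhere (possibly in functions.php).

// Result of this request: 'missing', 'invalid', 'banned', 'multiple' or 'ok'.
$outcome = 'missing';

// is_string() rejects array-valued fields (e.g. username[]=x), which would
// otherwise reach preg_replace() as arrays.
if (isset($_POST['username'], $_POST['password'])
    && is_string($_POST['username'])
    && is_string($_POST['password'])
) {
    $outcome = 'invalid';

    //Get Post Data from Form.
    $user = $_POST['username'];
    $pass = $_POST['password'];
    // Usernames are restricted to [a-zA-Z0-9]; $sanuser holds the stripped value.
    $sanuser = preg_replace("/[^a-zA-Z0-9]/", "", $user);
    // $sanpass is only used for legacy (non-hashed) stored passwords, to match
    // what the previous revision compared against. Stripping characters from a
    // password shrinks its keyspace and should go away with the migration below.
    $sanpass = preg_replace("/[^a-zA-Z0-9]/", "", $pass);

    //Connect to the database.
    // NOTE(review): credentials are hard-coded in a web-served script; load
    // them from configuration kept outside the document root or from the
    // environment, and use a database account limited to what login needs.
    $host = "localhost";
    $dbname = "database_name";
    $username = "database_username";
    $dbpassword = "password";

    $row = false;
    if ($sanuser !== '') {
        try {
            $conn = new PDO(
                'mysql:host=' . $host . ';dbname=' . $dbname,
                $username,
                $dbpassword,
                array(
                    PDO::ATTR_ERRMODE            => PDO::ERRMODE_EXCEPTION,
                    // Real server-side prepared statements, not string emulation.
                    PDO::ATTR_EMULATE_PREPARES   => false,
                    PDO::ATTR_DEFAULT_FETCH_MODE => PDO::FETCH_ASSOC,
                )
            );
            $stmt = $conn->prepare(
                'SELECT id, username, password, ip, score, ban, login FROM data WHERE username = ? LIMIT 1'
            );
            $stmt->execute(array($sanuser));
            $row = $stmt->fetch();
            // Release the statement and connection on every path, not only on success.
            $stmt = null;
            $conn = null;
        } catch (PDOException $e) {
            // Details go to the server log only; the visitor sees the generic message.
            error_log('login-handler: database error: ' . $e->getMessage());
            die('Could not submit login credentials !<br />Please contact the site administrator.');
        }
    }

    if (is_array($row) && (string) $row['username'] === $sanuser) {
        $stored = (string) $row['password'];
        $info = password_get_info($stored);
        if ($info['algoName'] !== 'unknown') {
            // Stored value is a password_hash() digest: verify the raw password.
            $verified = password_verify($pass, $stored);
        } else {
            // Legacy row: the previous revision compared the stripped password
            // against the column directly, which implies plaintext storage.
            // NOTE(review): migrate these rows to password_hash() together with
            // the signup script; plaintext passwords are exposed by any database
            // leak or backup. hash_equals() keeps this comparison constant-time.
            $verified = $sanpass !== '' && hash_equals($stored, $sanpass);
        }

        if ($verified) {
            /*ban and login are 0/1 flags on the account row. ban is set by an
            administrator (default 0 on signup); login marks an account that is
            already logged in elsewhere. This script only reads the login flag.*/
            $ban = (string) $row['ban'];
            $log = (string) $row['login'];
            if ($ban === '1') {
                $outcome = 'banned';
            } elseif ($log === '1') {
                $outcome = 'multiple';
            } else {
                $outcome = 'ok';
            }
        }
    }
}

if ($outcome === 'ok') {
    // Issue a fresh session id at the privilege change so an id planted before
    // login cannot be reused afterwards.
    session_regenerate_id(true);
    // Save the SQL data for pass to other scripts. The password column is
    // deliberately not copied into the session.
    $_SESSION['id'] = $row['id'];
    $_SESSION['username'] = $row['username'];
    $_SESSION['score'] = $row['score'];
    $_SESSION['ban'] = $row['ban'];
    $_SESSION['ip'] = $row['ip'];
    $_SESSION['login'] = $row['login'];
    //insert code to do once user is succesfully logged in and checks have
    //been made for bans and double-login.
    echo '<html><body><h1>Manual Redirect</h1><p><h3>Please click <a href="/app.php">HERE</a> to continue.</h3></p></body></html>';
} else {
    // Every failure path drops the session before printing its message.
    session_unset();
    session_destroy();
    switch ($outcome) {
        case 'banned':
            echo 'Sorry your account has been banned';
            break;
        case 'multiple':
            echo '<html><body><h1>Error: Multiple Login</h1>';
            echo '<p>Sorry but you are not allowed to login more than once on the same device, or multple times on multple devices</p></body></html>';
            break;
        case 'invalid':
            // Same message for unknown user and wrong password, so the response
            // does not reveal which usernames exist.
            echo '<html><body><h1>Error: Wrong username or password!</h1>';
            echo '<p>Please click <a href="/app-login.php"> HERE</a> to try again.</p></body></html>';
            break;
        default:
            //Reject login attempt if post data not set.
            echo '<html><body><h1>Error: Your browser failed to submit credentials.</h1>';
            echo '<p>Please click <a href="/app-login.php"> HERE </a> to try again.</p></body></html>';
            break;
    }
}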