1 | - | if(isset($_POST["login"]) || isset($_SESSION["username"]) && isset($_SESSION["password"])) |
1 | + | if(isset($_POST["login"]) || isset($_SESSION["username"]) && isset($_SESSION["password"])) // POST for logging, SESSIONS for autologin |
2 | { | |
3 | $username=isset($_POST['username']) ? $_POST['username'] : $_SESSION["username"]; | |
4 | $password=isset($_POST['password']) ? $_POST['password'] : $_SESSION["password"]; | |
5 | if(empty($username)) $err[].="Username is empty"; | |
6 | if(empty($password)) $err[].="Password is empty"; | |
7 | if(!ctype_alnum($username.$password)) $err[].="Username and Password must contain only alphanumeric symbols!"; | |
8 | if(!$err) | |
9 | { | |
10 | // If the user is logging in, data will be read from regular DB, if autologin, then from memory | |
11 | $sql = isset($_POST["login"]) | |
12 | ? mysqli_prepare($con, "SELECT u_id FROM accounts WHERE u_username=? AND u_password=? LIMIT 1") | |
13 | : mysqli_prepare($con, "SELECT t_userid,t_ip FROM mem_login WHERE t_username=? AND t_password=? LIMIT 1"); | |
14 | mysqli_stmt_bind_param($sql, "ss", $username, $password); | |
15 | mysqli_stmt_execute($sql); | |
16 | isset($_POST['login']) ? mysqli_stmt_bind_result($sql, $id) : mysqli_stmt_bind_result($sql, $id, $ip); | |
17 | mysqli_stmt_fetch($sql); | |
18 | - | if($id!=0 && isset($ip) ? $ip==$_SERVER['REMOTE_ADDR'] : TRUE) |
18 | + | |
19 | if($id!=0 && isset($ip) ? $ip==$_SERVER['REMOTE_ADDR'] : TRUE) // If autologin, check if ip is same as current ip | |
20 | { | |
21 | define("LOGGED", TRUE, FALSE); | |
22 | $user["t_userid"]=$id; | |
23 | if(isset($_POST["login"])) | |
24 | { | |
25 | mysqli_query($con,"DELETE FROM mem_login WHERE t_userid=$id"); | |
26 | $_SESSION["username"]=$username; | |
27 | $_SESSION["password"]=$password; | |
28 | $sql = mysqli_prepare($con, "INSERT INTO mem_login (t_userid,t_ip,t_username,t_password) VALUES (?,?,?,?)"); | |
29 | mysqli_stmt_bind_param($sql, "isss", $id, $_SERVER['REMOTE_ADDR'], $username, $password); | |
30 | mysqli_stmt_execute($sql); | |
31 | mysqli_stmt_close($sql); | |
32 | } | |
33 | } else define("LOGGED", FALSE, FALSE); | |
34 | } else define("LOGGED", FALSE, FALSE); | |
35 | } else define("LOGGED", FALSE, FALSE); |
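Review bot: The condition on new line 19 still parses as `($id!=0 && isset($ip)) ? $ip==$_SERVER['REMOTE_ADDR'] : TRUE`, because `?:` binds looser than `&&`, so on the POST path (where `$ip` is never bound) it evaluates to TRUE even when no row matched and `$id` is empty; the added comment documents the intent, but the code does not implement it. Parenthesise the ternary so a missing id always fails: `if($id!=0 && (isset($ip) ? $ip==$_SERVER['REMOTE_ADDR'] : TRUE))`. Separately, the password is compared against `u_password`, kept in `$_SESSION` and copied into `mem_login` in plaintext; storing a `password_hash()` value checked with `password_verify()`, and keying autologin on a random token rather than the password, would remove that exposure.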