Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- if(isset($_POST["login"]) || isset($_SESSION["username"]) && isset($_SESSION["password"])) // POST for logging, SESSIONS for autologin
- {
- $username=isset($_POST['username']) ? $_POST['username'] : $_SESSION["username"];
- $password=isset($_POST['password']) ? $_POST['password'] : $_SESSION["password"];
- if(empty($username)) $err[].="Username is empty";
- if(empty($password)) $err[].="Password is empty";
- if(!ctype_alnum($username.$password)) $err[].="Username and Password must contain only alphanumeric symbols!";
- if(!$err)
- {
- // If the user is logging in, data will be read from regular DB, if autologin, then from memory
- $sql = isset($_POST["login"])
- ? mysqli_prepare($con, "SELECT u_id FROM accounts WHERE u_username=? AND u_password=? LIMIT 1")
- : mysqli_prepare($con, "SELECT t_userid,t_ip FROM mem_login WHERE t_username=? AND t_password=? LIMIT 1");
- mysqli_stmt_bind_param($sql, "ss", $username, $password);
- mysqli_stmt_execute($sql);
- isset($_POST['login']) ? mysqli_stmt_bind_result($sql, $id) : mysqli_stmt_bind_result($sql, $id, $ip);
- mysqli_stmt_fetch($sql);
- mysqli_stmt_close($sql);
- if($id!=0 && isset($ip) ? $ip==$_SERVER['REMOTE_ADDR'] : TRUE) // If autologin, check if ip is same as current ip
- {
- define("LOGGED", TRUE, FALSE);
- $user["t_userid"]=$id;
- if(isset($_POST["login"]))
- {
- mysqli_query($con,"DELETE FROM mem_login WHERE t_userid=$id");
- $_SESSION["username"]=$username;
- $_SESSION["password"]=$password;
- $sql = mysqli_prepare($con, "INSERT INTO mem_login (t_userid,t_ip,t_username,t_password) VALUES (?,?,?,?)");
- mysqli_stmt_bind_param($sql, "isss", $id, $_SERVER['REMOTE_ADDR'], $username, $password);
- mysqli_stmt_execute($sql);
- mysqli_stmt_close($sql);
- }
- } else define("LOGGED", FALSE, FALSE);
- } else define("LOGGED", FALSE, FALSE);
- } else define("LOGGED", FALSE, FALSE);
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement