  1. <?php
  2. require_once('inc/constants.inc.php');
  3.  
  4. if(!isset($_SESSION)){
  5. session_start();
  6. }
  7.  
  8.  
  9. if(isset($_SESSION['LoggedIn']) && isset($_SESSION['Username']) && $_SESSION['LoggedIn'] == 1){
  10. //echo "<h1>YES, YOU ARE LOGGED IN</h1>";
  11. if(isset($_SESSION['returnURL'])){
  12. if($_SESSION['returnURL'] == "/admin/interactions.php"){
  13. header("Location: index.php");
  14. }else{
  15. header("Location: " . $_SESSION['returnURL']);
  16. }
  17.  
  18. }else{
  19. header("Location: index.php");
  20. }
  21.  
  22. }
  23.  
  24.  
  25. if(!empty($_POST['useremail']) && !empty($_POST['password'])){
  26. require_once("inc/class.users.inc.php");
  27. $users = new users();
  28. if($_POST['whichForm'] == "login"){
  29. $theResult = $users->accountLogin();
  30. }else if($_POST['whichForm'] == "facebook"){
  31. $theResult = $users->accountLoginFB();
  32. }
  33.  
  34. if($theResult == true){
  35. if(isset($_SESSION['returnURL'])){
  36. header("Location: " . $_SESSION['returnURL']);
  37. }else{
  38. header("Location: index.php");
  39. }
  40. }else{ //If it couldn't register
  41. $theError = true;
  42. }
  43. }else if(isset($_POST['whichForm'])){
  44. $theError = true;
  45. }
  46. else{
  47. $theError = false;
  48. }
  49.  
  50. $pageTitle = "Login";
  51. $pageKeywords = "Login page";
  52. $loggedIn = false;
  53.  
  54. require_once($_SERVER['DOCUMENT_ROOT'] . '/common/constants.php');
  55. include_once($_SERVER['DOCUMENT_ROOT'] . "/common/header.php");
  56. include_once($_SERVER['DOCUMENT_ROOT'] . "/common/mainNav.php");?>
  57.  
  58.  
  59.  
  60. <section class="container">
  61. <div id="blankBuffer" class="carousel-buffer"></div>
  62. <section class="container" id="mainContent">
  63. <div class="loginBox clearfix">
  64. <div class="span5 offset3 clearfix">
  65. <div class="well">
  66. <legend>Sign in to Store Portal</legend>
  67. <?php if($theError): ?>
  68. <div class="alert alert-error">
  69. <a class="close" data-dismiss="alert" href="#">x</a>Incorrect Username or Password!
  70. </div>
  71. <?php endif;//end if($theError) ?>
  72. <form method="POST" action="login.php" name="loginform" id="loginform" class="cf" accept-charset="UTF-8">
  73. <input type="hidden" name="whichForm" id="whichForm" value="login"/>
  74. <input class="span4" placeholder="User Email" type="text" name="useremail" id="useremail"><br>
  75. <input class="span4" placeholder="Password" type="password" name="password" id="password" ><br>
  76. <button class="btn" type="submit">Login</button>
  77. </form>
  78. </div>
  79. </div>
  80.  
  81. <div class="span5 offset3">
  82. <div class="well info">
  83. <p>Don't have an account? <a href="signup.php">Click here to sign up.</a></p>
  84. </div>
  85. </div>
  86. </div><br />
  87. </section>
  88. </section>
  89.  
  90. public function accountLogin()
  91. {
  92. $emailExplode = explode("@", $_POST['useremail'], 2);
  93. $userName = $emailExplode[0];
  94.  
  95.  
  96. if(count($emailExplode) == 1){
  97. $theEmail = $userName . "@" . str_replace("www.", "", $_SERVER['SERVER_NAME']);
  98. //$theEmail = $userName;
  99. }else{
  100. $theEmail = $_POST['useremail'];
  101. }
  102.  
  103. //NEED TO SEPERATE THE CREATION FROM LOGIN
  104.  
  105. $sql = "SELECT UserID, Username, user_edit FROM users WHERE user_email = :user AND Password = MD5(:pass) LIMIT 1";
  106.  
  107. try{
  108. $stmt = $this->_db->prepare($sql);
  109. $stmt->bindParam(':user', $theEmail, PDO::PARAM_STR);
  110. $stmt->bindParam(':pass', $_POST['password'], PDO::PARAM_STR);
  111. $stmt->execute();
  112. if($stmt->rowCount() == 1){
  113. $row = $stmt->fetch(PDO::FETCH_ASSOC);
  114. $_SESSION['Username'] = htmlentities($userName, ENT_QUOTES);
  115. $_SESSION['UserID'] = $row['UserID'];
  116. $_SESSION['LoggedIn'] = 1;
  117. $_SESSION['Edit'] = $row['user_edit'];
  118.  
  119. $log = $_SERVER['DOCUMENT_ROOT'] . "/admin/inc/loggedUsers.txt";
  120.  
  121. $theEntry = date("Y-m-d H:i:s") . " - " . htmlentities($userName, ENT_QUOTES) . "n";
  122.  
  123. $handle = fopen($log, "a+") or die("can't open file");
  124. fwrite($handle, $theEntry);
  125. fclose($handle);
  126.  
  127. return TRUE;
  128. } else{
  129. return FALSE;
  130. }
  131.  
  132. }catch(PDOException $e){
  133. return FALSE;
  134. }
  135. }
  136.  
  137. <?php
  138. //THIS DOCUMENT CHECKS IF A PERSON IS LOGGED IN AND HAS EDITING CAPABILITIES. IF TRUE, THEY ARE ALLOWED TO VIEW THE PAGE, OTHERWISE IF THEY AREN'T LOGGED IN THEY ARE REDIRECTED TO THE LOGIN PAGE. IF THEY DON'T HAVE EDITING CAPABILITIES, THEY ARE SENT TO HOME PAGE WITH AN ERROR MESSAGE.
  139.  
  140.  
  141. if(!isset($_SESSION)){
  142. session_start();
  143. }
  144.  
  145. if($_SERVER['REQUEST_URI'] != "/admin/interactions.php"){
  146. $_SESSION['returnURL'] = $_SERVER['REQUEST_URI'];
  147. }
  148.  
  149. if(isset($_SESSION['LoggedIn']) && isset($_SESSION['Username']) && $_SESSION['LoggedIn'] == 1){
  150. $loggedIn = true;
  151. $canEdit = $_SESSION['Edit'] + 0;
  152.  
  153. if($canEdit != 1){
  154. header("Location: http://" . $_SERVER['SERVER_NAME'] . "?error=noAccess");
  155. }
  156. }else{
  157. header("Location: http://" . $_SERVER['SERVER_NAME'] . "/admin/login.php");
  158. }?>