
login.php

a guest
Apr 8th, 2016
  1. <?php
  2. /*
  3. *
  4. * Instrument Repair Portal - A simple repair management system
  5. * d
  6. * Filename: login.php
  7. *
  8. */
  9. // Force HTTPS for security
  10.  
  11. session_start();
  12.  
  13. if($_SERVER["HTTPS"] != "on") {
  14.  $pageURL = "http://alkmaar.seth0.net";
  15.  if ($_SERVER["SERVER_PORT"] != "80") {
  16.   $pageURL .= $_SERVER["SERVER_NAME"] . ":" . $_SERVER["SERVER_PORT"] . $_SERVER["REQUEST_URI"];
  17.  } else {
  18.   $pageURL .= $_SERVER["SERVER_NAME"] . $_SERVER["REQUEST_URI"];
  19.  }
  20.  header($pageURL);
  21. }
  22.  
  23.  
  24.     // Load includes
  25.     require ('dbconnect.php');
  26.     require ('globals.php');
  27.     require ('querys.php');
  28.     $sql = new mysql();
  29.     $querys = new querys($sql);
  30.     $global = new globals($sql, $querys);
  31.  
  32. // Store HTML Login form as a variable
  33. $loginform='
  34. <!DOCTYPE html>
  35. <html lang="en">
  36.  <head>
  37.    <meta charset="utf-8">
  38.    <meta name="viewport" content="width=device-width, initial-scale=1.0">
  39.    <title> '.$PRODUCT_HEADER.' : Login</title>
  40.    <link href="files/css/bootstrap.min.css" rel="stylesheet">
  41.    <link href="files/css/login.css" rel="stylesheet">
  42.    <link href="files/css/font-awesome.min.css" rel="stylesheet">
  43.    <!-- HTML5 shim and Respond.js IE8 support of HTML5 elements and media queries -->
  44.    <!--[if lt IE 9]>
  45.      <script src="files/js/html5shiv.js"></script>
  46.      <script src="files/js/respond.min.js"></script>
  47.    <![endif]-->
  48.  </head>
  49.  <body>';
  50.  
  51. // Here we will handle some different login errors
  52. if(isset($_GET['err_disabled'])) {
  53.     $loginform .=' <div class="alert alert-danger text-center"><strong>Account Disabled.</strong> You may have used the wrong password too many times.</div>';
  54. } elseif(isset($_GET['err_failedauth'])) {
  55.     $loginform .=' <div class="alert alert-danger text-center"><strong>Oops!</strong> Login failed, please try again.</div>';
  56. } elseif(isset($_GET['err_session'])) {
  57.     $loginform .=' <div class="alert alert-danger text-center"><strong>Invalid or non-existent session.</strong> Please login.</div>';
  58. } elseif(isset($_GET['logout'])) {
  59.     $loginform .=' <div class="alert alert-success text-center"><strong>Success!</strong> You have logged out. Please login to continue working.</div>';
  60. } else {
  61.     $loginform .=' <div class="well text-center">This is a secure area, your IP Address <strong>' . $global->getIP() . '</strong> has been logged. No unauthorized access permitted.</div>';
  62. }
  63.  
  64. // Continue with the login form
  65. $loginform .= '    <div class="container">
  66.      <form class="form-signin" role="form" method="post" action="login.php">
  67.        <h1 class="form-signin-heading"><img src="files/logo.png" alt="Instrument Repair Portal"></h1>
  68.        <div class="form-group input-group">
  69.        <span class="input-group-addon"><i class="fa fa-user"></i></span>
  70.        <input type="text" id="username" name="username" class="form-control" placeholder="Username" required autofocus>
  71.        </div>
  72.        <div class="form-group input-group">
  73.        <span class="input-group-addon"><i class="fa fa-lock"></i></span>
  74.        <input type="password" id="password" name="password" class="form-control" placeholder="Password" required>
  75.        </div>
  76.        <button class="btn btn-lg btn-primary btn-block" type="submit">Login</button>
  77.      </form>
  78.      <div class="footer text-center">'.$PRODUCT_FOOTER.'</div>
  79.    </div>
  80.  </body>
  81. </html>
  82. ';
  83.  
  84. // Get the time in a nice format for later
  85. $now = date("d-m-Y H:i:s");
  86.  
  87. // Proceed with authentication if we recieved form data
  88. if ((isset($_POST['username']) && isset($_POST['password']))) {
  89.  
  90. // Clean the input
  91. $username = $global->Clean($_POST['username']);
  92. $password = $global->Clean($_POST['password']);
  93.  
  94. // Get password from database and encrypt the password we recieved from POST
  95. $getpass = $sql->runQuery($querys->getPassword($username));
  96. $dbpass = $getpass['password'];
  97. $encpass = $global->rebuildEncryption($password, $dbpass);
  98.  
  99. // Authenticate
  100. $numrows = $sql->runNumRowsQuery($querys->getUserDetails($username, $encpass));
  101. $dbUserDetails = $sql->runQuery($querys->getUserDetails($username, $encpass));
  102.  
  103. // Check to see if login was successful
  104. if ($numrows != 0) {
  105.  
  106.     // Proceed if the account is not disabled
  107.     if ($dbUserDetails['userlevel'] != 0) {
  108.  
  109.         // Initialize session
  110.         session_start();
  111.         $_SESSION['id'] = session_id();
  112.         $_SESSION['userAgent'] = $global->SessEncrypt($_SERVER['HTTP_USER_AGENT']);
  113.         $_SESSION['userlevel'] = $dbUserDetails['userlevel'];
  114.         $_SESSION['userid'] = $dbUserDetails['uid'];
  115.    
  116.         // Write session information to database
  117.         $updateUserSession = $sql->updateQuery($querys->updateUserSession($_SESSION['userid'], $_SESSION['id']));
  118.         $updateUserAgent = $sql->updateQuery($querys->updateUserAgent($_SESSION['userid'], $_SESSION['userAgent']));
  119.  
  120.         // Log the successful login to auth table
  121.         $sql->insertQuery($querys->insertAuthlog($dbUserDetails['uid'], 1, $global->getIP(), $now));
  122.        
  123.     // Update IP and timestamp against user account
  124.     $sql->updateQuery($querys->updateUserLastlog($dbUserDetails['uid'], $global->getIP(), $now));
  125.  
  126.         // Send to joblist.php
  127.         header("Location: joblist.php");
  128.  
  129.     } else {
  130.         // If the account is disabled
  131.         // Send them back to login page with disabled message
  132.         header("Location: login.php?err_disabled");
  133.     }
  134.  
  135. } else {
  136.     // If authentication failed
  137.     // Make sure any existing session is destroyed
  138.     session_start();
  139.     session_unset();
  140.     session_destroy();
  141.    
  142.     // Log the failure
  143.     $sql->insertQuery($querys->insertAuthlog($dbUserDetails['uid'], 0, $global->getIP(), $now));
  144.  
  145.     // Send them back to login page with failed message
  146.     header("Location: login.php?err_failedauth");
  147. }
  148.  
  149. } else {
  150.     // Make sure any existing session is destroyed
  151.     session_start();
  152.     session_unset();
  153.     session_destroy();
  154.  
  155.     // Send them to login as we didn't recieve POST data
  156.     echo $loginform;
  157. }
  158. ?>