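<?php

declare(strict_types=1);

// Login handler.
// Flow: anything that is not a POST is sent back to index.php; the CSRF token
// in the session is compared with the submitted one; the credentials are then
// looked up in WebsiteUsers by username and passwordHash()-derived value. On a
// match the session receives user_id, verify_token (a fresh one is inserted
// into active_logins when the user has none yet) and logged_in, and the
// browser is redirected to dashboard.php.
// Every redirect is followed by exit so nothing runs after the Location header.
require_once 'backend/connectivity.php';
require_once 'backend/database_operations.php';
require_once 'backend/security.php';

if ($_SERVER['REQUEST_METHOD'] !== 'POST') {
    header('Location: index.php');
    exit;
}

// CSRF check. Both tokens must be non-empty strings before hash_equals() sees
// them: a missing session token or a token[] array would otherwise raise a
// TypeError instead of being rejected.
$sessionToken = $_SESSION['token'] ?? null;
$postedToken = $_POST['token'] ?? null;
if (!is_string($sessionToken) || $sessionToken === ''
    || !is_string($postedToken) || $postedToken === ''
    || !hash_equals($sessionToken, $postedToken)
) {
    header('Location: index.php?login_error=' . urlencode('CSRF attack not allowed'));
    exit;
}

// Missing or malformed credentials render an inline alert (this branch never
// redirected in the original handler either).
if (!isset($_POST['username'], $_POST['password'])
    || !is_string($_POST['username']) || !is_string($_POST['password'])
) {
    echo '<div class="sufee-alert alert with-close alert-danger alert-dismissible fade show">'
        . '<span class="badge badge-pill badge-danger">ERROR</span> Incorrect Username or Password!'
        . '<button type="button" class="close" data-dismiss="alert" aria-label="Close">'
        . '<span aria-hidden="true">×</span></button>'
        . '</div>';
    exit;
}

$username = $_POST['username'];
// NOTE(review): pass is matched against whatever passwordHash() produces; the
// stored column would need re-hashing before password_verify() could be used.
$passwordHash = passwordHash($_POST['password']);

// Prepared statement: user input is bound, never spliced into the SQL text.
$lookup = $mysqli->prepare('SELECT id FROM WebsiteUsers WHERE userName = ? AND pass = ?');
if ($lookup === false) {
    error_log('login: prepare failed: ' . $mysqli->error);
    header('Location: index.php?login_error=' . urlencode('Invalid username or password'));
    exit;
}
$lookup->bind_param('ss', $username, $passwordHash);
$lookup->execute();
$lookup->bind_result($userId);
$found = $lookup->fetch();
$lookup->close();

// fetch() returns true for a row, null for no rows, false on error; only a
// row counts as a successful login.
if ($found !== true) {
    header('Location: index.php?login_error=' . urlencode('Invalid username or password'));
    exit;
}

$_SESSION['user_id'] = $userId;

try {
    if (!hasVerifyToken($mysqli)) {
        $verifyToken = bin2hex(random_bytes(32));
        $_SESSION['verify_token'] = $verifyToken;

        $insert = $mysqli->prepare(
            'INSERT INTO active_logins (user_id, verify_token, last_active) VALUES (?, ?, ?)'
        );
        if ($insert === false) {
            throw new RuntimeException('prepare failed: ' . $mysqli->error);
        }
        // All three bound as strings, mirroring the quoted literals the original
        // query used; the column types are not visible from this file.
        $userIdParam = (string) $userId;
        $lastActive = (string) time();
        $insert->bind_param('sss', $userIdParam, $verifyToken, $lastActive);
        if (!$insert->execute()) {
            $insert->close();
            throw new RuntimeException('insert failed: ' . $mysqli->error);
        }
        $insert->close();
    } else {
        $_SESSION['verify_token'] = getVerifyToken($mysqli);
    }

    // A fresh session id for the authenticated session so an id fixed before
    // login does not carry over.
    session_regenerate_id(true);
    $_SESSION['logged_in'] = true;
    header('Location: dashboard.php');
    exit;
} catch (Exception $e) {
    // Do not leave a half-initialised session behind; report generically.
    error_log('login: ' . $e->getMessage());
    unset($_SESSION['user_id'], $_SESSION['verify_token']);
    header('Location: index.php?login_error=' . urlencode('Login failed, please try again'));
    exit;
}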