API tools faq
paste
Advertisement
Guest User

Untitled

a guest
Jan 26th, 2017
131
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
text 2.58 KB | None | 0 0
raw download clone embed print report
  1. <?php
  2.  
  3. //echo "login.php";
  4.  
  5. function logIn($username, $password, $ip) {
  6. require_once("connect.php");
  7. $username = mysqli_real_escape_string($link, $username);
  8. $password = mysqli_real_escape_string($link, $password);
  9. $loginString = "SELECT * FROM tbl_user WHERE user_name='{$username}' AND user_pass='{$password}'";
  10. $user_set = mysqli_query($link, $loginString);
  11. $attemptString = "SELECT user_attempt FROM tbl_user WHERE user_name='{$username}'";
  12. $user_attempts = mysqli_query($link, $attemptString);
  13. //echo $user_attempts;
  14. //echo $attemptString;
  15. //echo mysqli_num_rows($user_set); //was there a match
  16. date_default_timezone_set('US/Eastern');
  17. if(mysqli_num_rows($user_set)){
  18. $found_user = mysqli_fetch_array($user_set, MYSQLI_ASSOC);
  19. //echo $found_user ['user_fname'];
  20. $id = $found_user['user_id'];
  21. $_SESSION['users_creds'] = $id;
  22. $_SESSION['users_mylgn'] = $found_user['user_lstlgn'];
  23. $_SESSION['users_name'] = $found_user['user_name'];
  24. $_SESSION['users_fname'] = $found_user['user_fname'];
  25. //$userloginAttempts = "UPDATE tbl_user SET user_attempt='{$currentAttempt}' WHERE user_id={$id}";
  26. if(mysqli_query($link, $loginString)) {
  27. $updateString = "UPDATE tbl_user SET user_ip='{$ip}' WHERE user_id={$id}";
  28. $updateQuery = mysqli_query($link, $updateString);
  29. $currDate = date('Y-m-d H:i:s');
  30. $userloginTime = "UPDATE tbl_user SET user_lstlgn='{$currDate}' WHERE user_id={$id}";
  31.  
  32. $updateQueryTime = mysqli_query($link, $userloginTime);
  33. // $updateQueryLogins = mysqli_query($link, "UPDATE tbl_user SET user_attempt='0' WHERE user_id{$id}"); //reset count on successful login
  34.  
  35. }
  36.  
  37. redirect_to("admin_index.php");
  38.  
  39. }else{
  40.  
  41. $attemptString = "SELECT user_attempt FROM tbl_user WHERE user_name='{$username}'";
  42. //Some stuff has been deleted and lost since then.
  43. //I won't lie, I'm giving up after ~4 hours of trying to get the attempts. I know a session would be a bad idea.
  44. if ($attemptString > 2){
  45. echo "locked";
  46. }
  47.  
  48.  
  49.  
  50. //for ($userAttempt = 0; $userAttempt <= 3;$userAttempts++){
  51. //$currentAttempt = $userAttempt;
  52. //$userloginAttempts = "UPDATE tbl_user SET user_attempt='{$currentAttempt}' WHERE user_id={$id}";
  53. //$updateQueryAttempts = mysqli_query($link, $userloginAttempts);
  54.  
  55. //$found_user = mysqli_fetch_array($user_set, MYSQLI_ASSOC);
  56. //echo $found_user ['user_fname'];
  57.  
  58. $message = "Username or password was incorrect. Please try again.";
  59. //echo $currentAttempt;
  60.  
  61. //if($currentAttempt > 3){
  62. //echo "oml";
  63. //}
  64.  
  65. return $message;
  66.  
  67. }
  68.  
  69.  
  70. mysqli_close($link);
  71. }
  72.  
  73. ?>
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
Public Pastes
Advertisement
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!