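<?php
// Login page: checks the submitted credentials (or an existing session) and
// renders the login form with a fresh anti-CSRF token.
session_start();

// Load the Login class on every request, not only on POST: the check below
// also runs for plain page views. The path is resolved next to this script;
// the original '/class.login.php' pointed at the filesystem root. The
// class_exists() guard keeps this working when the class is declared in the
// same file as this script.
if (!class_exists('Login', false)) {
    require_once __DIR__ . '/class.login.php';
}

// One instance serves both the check and the error output, so the errors
// collected during the check are the ones displayed. `Login()` without `new`
// is a call to an undefined function, not an instantiation.
$login = new Login();
if ($login->isLoggedIn()) {
    echo "Success!";
} elseif (isset($_POST['login'])) {
    // Report errors only for an actual login attempt, not on the first view.
    $login->showErrors();
}

// Issue a new form token only after the submitted one has been checked.
// The bytes come from the CSPRNG: md5(uniqid(mt_rand(), true)) is derived from
// the clock and a non-cryptographic generator, so its output is guessable.
// random_bytes() needs PHP 7; older runtimes fall back to OpenSSL.
$tokenBytes = function_exists('random_bytes')
    ? random_bytes(16)
    : openssl_random_pseudo_bytes(16);
$token = $_SESSION['token'] = bin2hex($tokenBytes);
?>
<?php // PHP_SELF is taken from the request path, so it is escaped before it lands in an attribute. ?>
<form method="POST" action="<?php echo htmlspecialchars($_SERVER['PHP_SELF'], ENT_QUOTES, 'UTF-8'); ?>">
<table>
<tr><td>Username:</td><td><input type="text" name="username" /></td></tr>
<tr><td>Password:</td><td><input type="password" name="password" /></td></tr>
</table>
<input type="hidden" name="token" value="<?php echo htmlspecialchars($token, ENT_QUOTES, 'UTF-8'); ?>" />
<input type="submit" name="login" value="Log In" />
</form>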
- <?php
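/**
 * Username/password login checked against the admin_tbl table, with the
 * authenticated state kept in the PHP session.
 *
 * A request carrying $_POST['login'] is treated as a login attempt and goes
 * through token, format and database checks; any other request is checked
 * against the values stored in the session by an earlier successful login.
 *
 * The caller is expected to have called session_start() before constructing
 * this class.
 */
class Login
{
    /** @var int|string Value of the ID column for the matched row; 0 until a lookup succeeds. */
    private $_id;
    /** @var string Filtered username from the form, or the one stored in the session. */
    private $_username;
    /** @var string Filtered password from the form; empty on session-based checks. */
    private $_password;
    /** @var string MD5 of the password, or the digest stored in the session. */
    private $_passmd5;
    /** @var string[] Messages collected by verifyPost(). */
    private $_errors;
    /** @var int 1 once the request has been authenticated, else 0. */
    private $_access;
    /** @var int 1 when the request is a login form submission, else 0. */
    private $_login;
    /** @var string Anti-CSRF token submitted with the form ('' when absent). */
    private $_token;

    /**
     * Read the request and session into the object.
     *
     * The original method was spelled __contruct, so PHP never ran it and
     * every property stayed null.
     */
    public function __construct()
    {
        // $_SESSION is undefined until session_start() has run.
        $session = isset($_SESSION) ? $_SESSION : array();

        $this->_errors = array();
        $this->_login = isset($_POST['login']) ? 1 : 0;
        $this->_access = 0;
        $this->_token = $this->stringFrom($_POST, 'token');
        $this->_id = 0;

        if ($this->_login) {
            // NOTE(security): filter() silently strips characters from the
            // password as well, so "ab!cd#ef" is accepted as "abcdef". Rejecting
            // unexpected input instead of rewriting it would be the safer policy.
            $this->_username = $this->filter($this->stringFrom($_POST, 'username'));
            $this->_password = $this->filter($this->stringFrom($_POST, 'password'));
            // NOTE(security): unsalted MD5 is kept only because admin_tbl stores
            // MD5 digests. It is fast to brute-force; migrating the column to
            // password_hash()/password_verify() needs a schema and data change
            // that is outside this class.
            $this->_passmd5 = md5($this->_password);
        } else {
            $this->_username = $this->stringFrom($session, 'username');
            $this->_password = '';
            $this->_passmd5 = $this->stringFrom($session, 'password');
        }
    }

    /**
     * Run the check that applies to this request and report the outcome.
     *
     * @return int 1 when the request is authenticated, else 0
     */
    public function isLoggedIn()
    {
        if ($this->_login) {
            $this->verifyPost();
        } else {
            $this->verifySession();
        }

        return $this->_access;
    }

    /**
     * Remove every character that is not an ASCII letter or digit.
     *
     * The original pattern lacked its closing bracket and delimiter, which
     * makes preg_replace() fail to compile the pattern.
     *
     * @param string|string[] $var
     * @return string|string[]|null
     */
    public function filter($var)
    {
        return preg_replace('/[^a-zA-Z0-9]/', '', $var);
    }

    /**
     * Validate a login form submission: token, then format, then credentials.
     *
     * On success the access flag is set and the session is populated; on
     * failure the reason is appended to the error list.
     *
     * @return void
     */
    public function verifyPost()
    {
        try {
            if (!$this->isTokenValid()) {
                throw new Exception('Invalid Form Submission');
            }
            if (!$this->isDataValid()) {
                throw new Exception('Invalid Form Data');
            }
            if (!$this->verifyDatabase()) {
                throw new Exception('Invalid Username/Password');
            }
            $this->_access = 1;
            $this->registerSession();
        } catch (Exception $e) {
            $this->_errors[] = $e->getMessage();
        }
    }

    /**
     * Grant access when the session holds credentials that still match a row.
     *
     * The original called an undefined method, _sessionExist().
     *
     * @return void
     */
    public function verifySession()
    {
        if ($this->sessionExist() && $this->verifyDatabase()) {
            $this->_access = 1;
        }
    }

    /**
     * Look up the username / password-digest pair in admin_tbl.
     *
     * Uses a PDO prepared statement: the mysql_* functions were removed in
     * PHP 7, and binding the values keeps them out of the SQL text whatever
     * filter() let through (the session path is not filtered at all).
     * Connection and query failures are written to the error log and reported
     * as a failed lookup, rather than printing the driver message to the
     * visitor through die().
     *
     * @return bool true when a matching row exists (its ID is stored), else false
     */
    public function verifyDatabase()
    {
        // Database connection data. Left blank as in the original; in a
        // deployment these belong in configuration outside the web root.
        $db_username = "";
        $db_password = "";
        $db_host = "";
        $db_dbname = "";

        try {
            $pdo = new PDO(
                'mysql:host=' . $db_host . ';dbname=' . $db_dbname,
                $db_username,
                $db_password,
                array(
                    PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION,
                    PDO::ATTR_EMULATE_PREPARES => false,
                )
            );
            $stmt = $pdo->prepare('SELECT ID FROM admin_tbl WHERE username = ? AND password = ?');
            $stmt->execute(array($this->_username, $this->_passmd5));
            $id = $stmt->fetchColumn();
        } catch (PDOException $e) {
            error_log('Login: database check failed: ' . $e->getMessage());
            return false;
        }

        // fetchColumn() returns false when no row matched.
        if ($id === false) {
            return false;
        }

        $this->_id = $id;
        return true;
    }

    /**
     * Check that username and password are 5 to 12 ASCII letters or digits.
     *
     * The original pattern used (5,12), a capture group matching the literal
     * text "5,12", where the quantifier {5,12} was meant.
     *
     * @return int 1 when both values match, else 0
     */
    public function isDataValid()
    {
        $pattern = '/\A[a-zA-Z0-9]{5,12}\z/';

        return (preg_match($pattern, $this->_username) && preg_match($pattern, $this->_password)) ? 1 : 0;
    }

    /**
     * Compare the submitted form token with the one stored in the session.
     *
     * The original read $SESSION (an undefined variable) and compared with
     * !=, which treats numeric-looking strings such as "0e12" and "0e34" as
     * equal. hash_equals() compares the bytes, in constant time.
     *
     * @return int 1 when a non-empty session token matches the submitted one, else 0
     */
    public function isTokenValid()
    {
        if (!isset($_SESSION['token']) || !is_string($_SESSION['token']) || $_SESSION['token'] === '') {
            return 0;
        }

        return hash_equals($_SESSION['token'], $this->_token) ? 1 : 0;
    }

    /**
     * Store the authenticated identity in the session.
     *
     * @return void
     */
    public function registerSession()
    {
        // Switch to a new session ID at the privilege change so an ID that was
        // known before login cannot be reused afterwards (session fixation).
        if (session_status() === PHP_SESSION_ACTIVE && !headers_sent()) {
            session_regenerate_id(true);
        }

        $_SESSION['id'] = $this->_id;
        $_SESSION['username'] = $this->_username;
        // NOTE(security): verifySession() re-authenticates with this digest, so
        // it is password-equivalent and sits in session storage. Keeping only
        // the user ID in the session would remove that exposure.
        $_SESSION['password'] = $this->_passmd5;
    }

    /**
     * Tell whether the session carries both a username and a password digest.
     *
     * @return int 1 when both keys are set, else 0
     */
    public function sessionExist()
    {
        return isset($_SESSION['username'], $_SESSION['password']) ? 1 : 0;
    }

    /**
     * Print the collected error messages as HTML.
     *
     * @return void
     */
    public function showErrors()
    {
        echo "<h3>Error</h3>";
        foreach ($this->_errors as $message) {
            // Escaped on output so any future message that embeds request data
            // cannot inject markup.
            echo htmlspecialchars($message, ENT_QUOTES, 'UTF-8') . "<br>";
        }
    }

    /**
     * Return $source[$key] when it is a string, else ''.
     *
     * Request parameters can arrive as arrays (token[]=x); those are treated
     * as absent.
     *
     * @param array  $source
     * @param string $key
     * @return string
     */
    private function stringFrom(array $source, $key)
    {
        return (isset($source[$key]) && is_string($source[$key])) ? $source[$key] : '';
    }
}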
- ?>