Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- Get Value of uID from Query and Output Session uID Upon Login
- <?php
- session_start();
- require_once('../inc/db/dbc.php');
- ?>
- <?php
- if($_SESSION['valid'] == 1){ #user has logged in by creating a session var
- echo "<a href='logout.php'>Logout</a>";
- }
- else{
- echo "<a href='index.php'>Login</a>";
- }
- ?>
- <?php
- session_start(); #recall session from index.php where user logged
- require_once('../inc/db/dbc.php');
- $connect = mysql_connect($h, $u, $p) or die ("Can't Connect to Database.");
- mysql_select_db($db);
- $LoginUserName = $_POST['userName'];
- $LoginPassword = mysql_real_escape_string($_POST['userPass']);
- //connect to the database here
- $LoginUserName = mysql_real_escape_string($LoginUserName);
- $query = "SELECT uID, uUPass, dynamSalt, uUserType FROM User WHERE uUName = '$LoginUserName';";
- $result = mysql_query($query);
- if(mysql_num_rows($result) < 1) //no such USER exists
- {
- echo "Invalid Username and/or Password";
- }
- $ifUserExists = mysql_fetch_array($result, MYSQL_ASSOC);
- function isLoggedIn()
- {
- if(isset($_SESSION['valid']) && $_SESSION['valid'])
- header( 'Location: buyer/' ); # return true if sessions are made and login creds are valid
- echo "Invalid Username and/or Password";
- return true;
- }
- function validateUser() {
- $_SESSION['valid'] = 1;
- $_SESSION['uID'] = (isset($ifUserExists['uID'])) ? $ifUserExists['uID'] : null;
- $_SESSION['uUserType'] = 1; // 1 for buyer - 2 for merchant
- }
- $dynamSalt = $ifUserExists['dynamSalt']; #get value of dynamSalt in query above
- $SaltyPass = hash('sha512',$dynamSalt.$LoginPassword); #recreate originally created dynamic, unique pass
- if($SaltyPass != $ifUserExists['uUPass']) # incorrect PASS
- {
- echo "Invalid Username and/or Password";
- }
- else {
- validateUser();
- }
- // If User *has not* logged in yet, keep on /login
- if(!isLoggedIn())
- {
- header('Location: index.php');
- die();
- }
- ?>
- <?php
- session_start();
- if($_SESSION['uUserType'] != 1) // error
- {
- die("
- <div class='container_infinity'>
- <div class='container_full' style='position:static;'>
- <img src='img/error/noAccess.png' style='float:left;' /> <br />
- <h2>403 Error: You may not view this page. Access denied.</h2>
- </div>
- </div>
- ");
- }
- function isLoggedIn()
- {
- return ($_SESSION['valid'] == 1 && $_SESSION['uUserType'] == 1);
- }
- //if the user has not logged in
- if(!isLoggedIn())
- {
- header('Location: ../index.php');
- die();
- }
- ?>
- <?php
- if($_SESSION['valid'] == 1 && $_SESSION['uUserType'] == 1){
- #echo "<a href='../logout.php'>Logout</a>";
- echo 'buyerid: '.$_SESSION['uID'];
- require_once('buyer_profile.php');
- }
- else{
- echo "<a href='../index.php'>Login</a>";
- }
- ?>
Add Comment
Please, Sign In to add comment