- <!DOCTYPE html>
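include_once("php_includes/check_login.php");

// Login form handler.
// Looks the submitted credentials up in `users`. On a match it records the
// username in the session, stamps ip/lastlogin and sets the 30-day cookies;
// on a miss it sets $failMessage and prints the debug counter.
// $connection is not created here - presumably by connect.php, pulled in
// through check_login.php (confirm).
if (!empty($_POST)) {
    // Request fields are client-controlled: accept strings only, so an array
    // value cannot reach sha1() or the query.
    $username = (isset($_POST['username']) && is_string($_POST['username'])) ? $_POST['username'] : '';
    $submitted = (isset($_POST['password']) && is_string($_POST['password'])) ? $_POST['password'] : '';

    // NOTE(review): unsalted SHA-1 is not a password hash. password_hash() /
    // password_verify() is the replacement, but it has to change together
    // with the signup code and the cookie check, so the digest is kept here.
    // NOTE(review): the accompanying signup script stores
    // randStrGen(20) . sha1(password) . randStrGen(20) in the password column.
    // A bare sha1() digest can never equal that value, which is the likely
    // reason the counter below stays at 0. Accounts presumably also stay at
    // activated=0 until the e-mail link is used - confirm.
    $password = sha1($submitted);
    $ip = preg_replace('#[^0-9.]#', '', (string) getenv('REMOTE_ADDR'));

    $id = null;
    $count = 0;

    // Bound parameters keep the submitted username out of the SQL text; the
    // original interpolated $_POST['username'] directly into the statement.
    $stmt = mysqli_prepare(
        $connection,
        "SELECT id FROM `users` WHERE username=? AND password=? AND activated='1' LIMIT 1"
    );
    if ($stmt !== false) {
        mysqli_stmt_bind_param($stmt, 'ss', $username, $password);
        if (mysqli_stmt_execute($stmt)) {
            mysqli_stmt_bind_result($stmt, $id);
            if (mysqli_stmt_fetch($stmt) === true) {
                $count = 1;
            }
        }
        mysqli_stmt_close($stmt);
    }

    if ($count === 1) { // 1 is a match
        // Issue a fresh session id when the privilege level changes, so an id
        // that was known before login is not carried into the logged-in state.
        if (session_status() === PHP_SESSION_ACTIVE) {
            session_regenerate_id(true);
        }
        $_SESSION['username'] = $username;

        // The original built this UPDATE string but never sent it.
        $update = mysqli_prepare(
            $connection,
            "UPDATE `users` SET ip=?, lastlogin=now() WHERE username=? LIMIT 1"
        );
        if ($update !== false) {
            mysqli_stmt_bind_param($update, 'ss', $ip, $username);
            mysqli_stmt_execute($update);
            mysqli_stmt_close($update);
        }

        // NOTE(review): the "password" cookie carries the same digest that is
        // stored in the database, so the cookie by itself works as a 30-day
        // credential. A random, server-side, revocable token is the safer
        // design. The Secure flag (6th argument) is off, as in the original;
        // turn it on once the site is served over HTTPS only.
        $expires = strtotime('+30 days');
        setcookie("id", (string) $id, $expires, "/", "", false, true);
        setcookie("username", $username, $expires, "/", "", false, true);
        setcookie("password", $password, $expires, "/", "", false, true);
    } else {
        $failMessage = "INVALID USERNAME/PASSWORD";
        echo "Count = " . $count; // debug output kept from the original
    }
}

if (isset($_SESSION['username'])) {
    $successMessage = "YOU ARE ALREADY LOGGED IN";
}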
- if(isset($_SESSION['username'])) {
- header("Location: index.php");
- }
- else {
- ?> // <---- BEGIN REST OF HTML HERE
- <?php
- require_once("php_includes/connect.php");
- include_once ("php_includes/randStrGen.php");
- if (isset($_POST) & !empty($_POST)) {
- $username = mysqli_real_escape_string($connection, $_POST['username']);
- $email = mysqli_real_escape_string($connection, $_POST['email']);
- //$password = sha1($_POST['password']);
- $password = $_POST['password'];
- $gender = $_POST['gender'];
- $profession = $_POST['profession'];
- $ip = preg_replace('#[^0-9.]#', '', getenv('REMOTE_ADDR'));
- $cryptpass = sha1($password);
- $pass_hash = randStrGen(20)."$cryptpass".randStrGen(20);
- $sql = "INSERT INTO `users` (username, email, password, gender, profession, ip, signup, lastlogin) VALUES ('$username', '$email', '$pass_hash', '$gender', '$profession', '$ip', now(), now())";
- $query = mysqli_query($connection, $sql);
- $uid = mysqli_insert_id($connection);
- if(strlen($username) < 4 || strlen($username) > 16) {
- $username_message = "Username must be between 4 - 16 chars";
- } else {
- if ($query) {
- $successMessage = "Check your inbox and junk folder for the activation email!";
- $to = "$email"; //<--- BEGIN EMAIL
- //etc
- //etc
- //REST OF EMAIL FORM. NOT RELEVANT TO LOGIN
- <?php
session_start();
include_once("connect.php");

// Reminder: a page that includes this file at its very top already has the
// session started and the database connection loaded, and must not repeat
// either step itself.

// Defaults for a visitor who is not logged in.
$user_ok = false;
$log_id = $log_username = $log_password = "";
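/**
 * Check that an activated user row matches the given id, username and
 * password value.
 *
 * The original query text had stray commas before each AND, so it could
 * never execute, and the function returned null instead of false when no
 * row matched. Values are bound as parameters, so the result does not
 * depend on every caller having sanitised them first.
 *
 * @param mysqli $connection Open database connection.
 * @param string $id         User id.
 * @param string $u          Username.
 * @param string $p          Password value as stored in the users table.
 * @return bool True when a matching activated row exists, false otherwise.
 */
function evalLoggedUser($connection, $id, $u, $p) {
    $stmt = mysqli_prepare(
        $connection,
        "SELECT ip FROM users WHERE id=? AND username=? AND password=? AND activated='1' LIMIT 1"
    );
    if ($stmt === false) {
        return false;
    }

    mysqli_stmt_bind_param($stmt, 'sss', $id, $u, $p);

    $found = false;
    if (mysqli_stmt_execute($stmt)) {
        // Buffer the result so the row count is available on the statement.
        mysqli_stmt_store_result($stmt);
        $found = mysqli_stmt_num_rows($stmt) > 0;
    }
    mysqli_stmt_close($stmt);

    return $found;
}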
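// Re-establish the login state for this request: from the session when it
// already holds id/username/password, otherwise from the three cookies.
if (isset($_SESSION["id"], $_SESSION["username"], $_SESSION["password"])) {
    $log_id = preg_replace('#[^0-9]#', '', $_SESSION['id']);
    $log_username = preg_replace('#[^a-z0-9]#i', '', $_SESSION['username']);
    $log_password = preg_replace('#[^a-z0-9]#i', '', $_SESSION['password']);
    // Verify the user
    $user_ok = evalLoggedUser($connection, $log_id, $log_username, $log_password);
} elseif (
    isset($_COOKIE["id"], $_COOKIE["username"], $_COOKIE["password"])
    && is_string($_COOKIE["id"])
    && is_string($_COOKIE["username"])
    && is_string($_COOKIE["password"])
) {
    // Cookie values are supplied by the client. They are filtered into local
    // variables and verified first; the session is written only on success.
    // The original copied them into $_SESSION before verifying, and the login
    // page treats isset($_SESSION['username']) as "already logged in".
    $log_id = preg_replace('#[^0-9]#', '', $_COOKIE['id']);
    $log_username = preg_replace('#[^a-z0-9]#i', '', $_COOKIE['username']);
    $log_password = preg_replace('#[^a-z0-9]#i', '', $_COOKIE['password']);
    // Verify the user
    $user_ok = evalLoggedUser($connection, $log_id, $log_username, $log_password);
    if ($user_ok === true) {
        $_SESSION['id'] = $log_id;
        $_SESSION['username'] = $log_username;
        $_SESSION['password'] = $log_password;
        // Update their lastlogin datetime field. $log_id was reduced to
        // digits above, so it cannot alter the statement.
        $sql = "UPDATE users SET lastlogin=now() WHERE id='$log_id' LIMIT 1";
        $query = mysqli_query($connection, $sql);
    }
}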
- <?php
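/**
 * Build a random string of $len characters drawn from a fixed alphabet of
 * lowercase letters, digits and '$'.
 *
 * Indexes come from random_int(), which uses the operating system's CSPRNG.
 * The previous array_rand() draw is not suitable for values that end up in
 * stored password material. Characters repeated in the alphabet ('$' and
 * '1') are drawn proportionally more often, as before.
 *
 * @param int $len Number of characters to produce; 0 or less yields "".
 * @return string
 */
function randStrGen($len) {
    // Single quotes keep every '$' a literal member of the alphabet.
    $chars = 'abcdefghijklmnopqrstuvwxyz0123456789$$$$$$$1111111';
    $lastIndex = strlen($chars) - 1;

    $result = "";
    for ($i = 0; $i < $len; $i++) {
        $result .= $chars[random_int(0, $lastIndex)];
    }
    return $result;
}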