
Untitled

a guest
Jan 19th, 2017
  1. <!DOCTYPE html>
  2.  
  3. include_once("php_includes/check_login.php");
  4.  
  5. if(isset($_POST) & !empty($_POST)) {
  6.  
  7. $username = $_POST['username'];
  8. $password = sha1($_POST['password']); //sha1 hashing
  9. $ip = preg_replace('#[^0-9.]#', '', getenv('REMOTE_ADDR'));
  10. $sql = "SELECT id, username, password FROM `users` WHERE username='$username' AND password='$password' AND activated='1' LIMIT 1";
  11. $query = mysqli_query($connection, $sql);
  12. $row = mysqli_fetch_row($query);
  13. $id = $row[0];
  14. $count = mysqli_num_rows($query);
  15. if($count == 1) { // 1 is a match
  16. $_SESSION['username'] = $username;
  17. $sql = "UPDATE `users` SET ip='$ip', lastlogin=now() WHERE username='$username' LIMIT 1";
  18. setcookie("id", $id, strtotime( '+30 days' ), "/", "", "", TRUE);
  19. setcookie("username", $username, strtotime( '+30 days' ), "/", "", "", TRUE);
  20. setcookie("password", $password, strtotime( '+30 days' ), "/", "", "", TRUE);
  21.  
  22. } else {
  23. $failMessage = "INVALID USERNAME/PASSWORD";
  24. //echo 'INVALID USERNAME/PASSWORD'; /<--- for testing/debugging
  25. echo "Count = " . $count; // <--- THIS KEEPS DISPLAYING 0. WHY?!
  26. }
  27. }
  28. if(isset($_SESSION['username'])) {
  29. $successMessage = "YOU ARE ALREADY LOGGED IN";
  30.  
  31. }
  32. if(isset($_SESSION['username'])) {
  33. header("Location: index.php");
  34. }
  35. else {
  36.  
  37. ?> // <---- BEGIN REST OF HTML HERE
  38.  
  39. <?php
  40.  
  41. require_once("php_includes/connect.php");
  42. include_once ("php_includes/randStrGen.php");
  43.  
  44. if (isset($_POST) & !empty($_POST)) {
  45. $username = mysqli_real_escape_string($connection, $_POST['username']);
  46. $email = mysqli_real_escape_string($connection, $_POST['email']);
  47. //$password = sha1($_POST['password']);
  48. $password = $_POST['password'];
  49. $gender = $_POST['gender'];
  50. $profession = $_POST['profession'];
  51. $ip = preg_replace('#[^0-9.]#', '', getenv('REMOTE_ADDR'));
  52. $cryptpass = sha1($password);
  53. $pass_hash = randStrGen(20)."$cryptpass".randStrGen(20);
  54. $sql = "INSERT INTO `users` (username, email, password, gender, profession, ip, signup, lastlogin) VALUES ('$username', '$email', '$pass_hash', '$gender', '$profession', '$ip', now(), now())";
  55. $query = mysqli_query($connection, $sql);
  56. $uid = mysqli_insert_id($connection);
  57.  
  58. if(strlen($username) < 4 || strlen($username) > 16) {
  59. $username_message = "Username must be between 4 - 16 chars";
  60. } else {
  61.  
  62. if ($query) {
  63. $successMessage = "Check your inbox and junk folder for the activation email!";
  64. $to = "$email"; //<--- BEGIN EMAIL
  65. //etc
  66. //etc
  67. //REST OF EMAIL FORM. NOT RELEVANT TO LOGIN
  68.  
  69. <?php
  70. session_start();
  71. include_once("connect.php");
  72. //NOTE TO SELF:
  73. //Files that include this file at the very top would not require
  74. //connection to database or session_start(). Don't forget!
  75.  
  76. //init vars
  77. $user_ok = false;
  78. $log_id = "";
  79. $log_username = "";
  80. $log_password = "";
  81.  
  82. //verify user function
  83. function evalLoggedUser($connection,$id,$u,$p) {
  84. $sql = "SELECT ip FROM users WHERE id='$id' AND username='$u', AND password='$p', AND activated='1' LIMIT 1";
  85. $query = mysqli_query($connection, $sql);
  86. $numrows = mysqli_num_rows($query);
  87. if($numrows > 0) {
  88. return true;
  89. }
  90. }
  91. if(isset($_SESSION["id"]) && isset($_SESSION["username"]) && isset($_SESSION["password"])) {
  92. $log_id = preg_replace('#[^0-9]#', '', $_SESSION['id']);
  93. $log_username = preg_replace('#[^a-z0-9]#i', '', $_SESSION['username']);
  94. $log_password = preg_replace('#[^a-z0-9]#i', '', $_SESSION['password']);
  95. // Verify the user
  96. $user_ok = evalLoggedUser($connection,$log_id,$log_username,$log_password);
  97. } else if(isset($_COOKIE["id"]) && isset($_COOKIE["username"]) && isset($_COOKIE["password"])){
  98. $_SESSION['id'] = preg_replace('#[^0-9]#', '', $_COOKIE['id']);
  99. $_SESSION['username'] = preg_replace('#[^a-z0-9]#i', '', $_COOKIE['username']);
  100. $_SESSION['password'] = preg_replace('#[^a-z0-9]#i', '', $_COOKIE['password']);
  101. $log_id = $_SESSION['id'];
  102. $log_username = $_SESSION['username'];
  103. $log_password = $_SESSION['password'];
  104. // Verify the user
  105. $user_ok = evalLoggedUser($connection,$log_id,$log_username,$log_password);
  106. if($user_ok == true){
  107. // Update their lastlogin datetime field
  108. $sql = "UPDATE users SET lastlogin=now() WHERE id='$log_id' LIMIT 1";
  109. $query = mysqli_query($connection, $sql);
  110. }
  111. }
  112.  
  113. <?php
  114.  
  115. function randStrGen($len) {
  116. $result = "";
  117. $chars = "abcdefghijklmnopqrstuvwxyz0123456789$$$$$$$1111111";
  118. $charArray = str_split($chars);
  119.  
  120. for($i = 0; $i < $len; $i++) {
  121. $randItem = array_rand($charArray);
  122. $result .= "".$charArray[$randItem];
  123. }
  124. return $result;
  125. }