
Untitled

a guest
Dec 13th, 2016
  1. <?php
  2. session_start();
  3. include("db.php");
  4. $con= new mysqli($server, $db_user, $db_pwd,$db_name) //connect to the database server
  5. or die ("Could not connect to mysql because ".mysqli_error());
  6.  
  7. mysqli_select_db($con,$db_name) //select the database
  8. or die ("Could not select to mysql because ".mysqli_error());
  9.  
  10. //prevent sql injection
  11. $username=mysqli_real_escape_string($con,$_POST["username"]);
  12. $password=mysqli_real_escape_string($con,$_POST["password"]);
  13. //decrypt password
  14.  
  15.  
  16. //check if user exist already
  17. $query="select * from ".$table_name." where username='$username'";
  18. $result=mysqli_query($con,$query) or die('error');
  19. if (mysqli_num_rows($result)) //if exist then check for password
  20. {
  21.  
  22. //Pickup password to compare with encrypted password
  23. $query="select password,email from ".$table_name." where username='$username'";
  24. $result=mysqli_query($con,$query) or die('error');
  25. $db_field = mysqli_fetch_assoc($result);
  26. //3.3 $hashed_password=crypt($password,$db_field['password']);
  27.  
  28. if(phpversion() >= 5.5)
  29. {
  30. if(password_verify($password, $db_field['password']))
  31. {
  32.  
  33. //once password is verified migrate to password_hash from crypt
  34. if(strlen($db_field['password']) < 60)
  35. {
  36. $hashed_password=password_hash($password,PASSWORD_DEFAULT);
  37. $query = "update " . $table_name . " set password='$hashed_password' where username='$username' and email='$db_field[email]'";
  38. //echo $query;
  39. $result = mysqli_query($con,$query) or die('error updating password hash');
  40. }
  41.  
  42. $query="select * from ".$table_name." where username='$username'and activ_status in(1)";
  43. $result=mysqli_query($con,$query) or die('error');
  44. if(mysqli_num_rows($result))
  45. {
  46. $_SESSION['login'] = true;
  47. $_SESSION['username']=$username;
  48. $result = $connection->query($select_query);
  49.  
  50. while($users = $result->fetch_object()) {
  51.  
  52. $_SESSION['fullName'] = $users->fullName;
  53.  
  54. }
  55. echo json_encode( array('result'=>1));
  56. }
  57. else
  58. {
  59. echo json_encode( array('result'=>"$msg_email_1 <br /><a href=\"".$url."\\resend_key.php?user=".$username."\">$msg_email_2</a>."));
  60. // echo "User Account not yet activated.Check your mail for activation details.";
  61. }
  62.  
  63. }
  64. else
  65. {
  66. echo json_encode( array('result'=>$msg_pwd_error));
  67. }
  68.  
  69. }
  70. else
  71. {
  72. $hashed_password=crypt($password,$db_field['password']);
  73. $query="select * from ".$table_name." where username='$username' and password='$hashed_password'";
  74. $result=mysqli_query($con,$query) or die('error');
  75. if (mysqli_num_rows($result)) //if passwords match then check actvation status
  76. {
  77. $query="select * from ".$table_name." where username='$username' and password='$hashed_password' and activ_status in(1)";
  78. $result=mysqli_query($con,$query) or die('error');
  79. if(mysqli_num_rows($result))
  80. {
  81. $_SESSION['login'] = true;
  82. $_SESSION['username']=$username;
  83. $_SESSION['fullName']=$fullName;
  84. echo json_encode( array('result'=>1));
  85. }
  86. else
  87. {
  88. echo json_encode( array('result'=>"$msg_email_1 <br /><a href=\"".$url."\\resend_key.php?user=".$username."\">$msg_email_2</a>."));
  89. // echo "User Account not yet activated.Check your mail for activation details.";
  90. }
  91.  
  92. }
  93. else
  94. {
  95. echo json_encode( array('result'=>$msg_pwd_error));
  96. // echo trim("password incorrect");
  97. }
  98.  
  99. }
  100.  
  101.  
  102.  
  103.  
  104. }
  105.  
  106.  
  107. else
  108. {
  109. echo json_encode( array('result'=>$msg_un_error));
  110. // die("Username Doesn't exist");
  111. die();
  112. }
  113.  
  114.  
  115. ?>