  1. <?php
  2.  
  3. session_start();
  4.  
  5. // Require once config file
  6. require_once("../../core/config.php");
  7. require_once("../../functions.php");
  8.  
  9. /**
  10.  * Login and authenticate user.
  11.  * This is login.php
  12.  */
  13. try {
  14.  
  15.     $username = $_POST["username"];
  16.     $password = $_POST["password"];
  17.  
  18.     if (strlen($username) <= 2 || strlen($password) <= 2) {
  19.         echo '<p class="notis-label">Complete all fields and please try again</p>';
  20.         return false;
  21.     }
  22.  
  23.     $result = $dbh->prepare("SELECT username FROM users WHERE username = :username");
  24.     $result->bindParam(":username", $username);
  25.     $result->execute();
  26.     $dataUser = $result->fetch(PDO::FETCH_ASSOC);
  27.  
  28.     foreach (array($dataUser) as $data) {
  29.  
  30.         // Define $username and $password
  31.         $password = hash("sha512", $_POST["password"]);
  32.  
  33.         // To protect MySQL injection for Security purpose
  34.         $username = stripslashes($username);
  35.         $password = stripslashes($password);
  36.  
  37.         // SQL query to fetch information of registerd users and find a user match
  38.         $result = $dbh->prepare("SELECT id, username, password FROM users WHERE BINARY username = :username AND password = :password");
  39.         $result->bindParam(":username", $username);
  40.         $result->bindParam(":password", $password);
  41.         $result->execute();
  42.         $dataInfo = $result->fetch(PDO::FETCH_OBJ);
  43.         $rows = $result->rowCount();
  44.  
  45.         if ($rows > 0) {
  46.             $_SESSION["authenticated"] = 1;
  47.             $_SESSION["id"] = $dataInfo->id;
  48.             $_SESSION["username"] = $_POST["username"];
  49.             $ip = $_SERVER['REMOTE_ADDR'];
  50.  
  51.             $time = date("Y-m-d H:i:s");
  52.             $id = $_SESSION["id"];
  53.             $token = $username . $time . $password;
  54.             $token = md5(str_shuffle($token));
  55.  
  56.             $query = $dbh->prepare("UPDATE users SET remember_token = :remember_token, last_ip = :last_ip, updated_at = NOW() WHERE id = :id");
  57.             $query->bindParam(':last_ip', $ip);
  58.             $query->bindParam(':remember_token', $token);
  59.             $query->bindParam(":id", $id, PDO::PARAM_INT);
  60.             $query = $query->execute();
  61.         } else if ($data == false) {
  62.             echo '<p class="notis-label"><em>' . $username . "</em> is not in database, please try with another one</p>";
  63.         } else {
  64.             echo '<p class="notis-label">Wrong username or password, please try again</p>';
  65.         }
  66.     }
  67. } catch(PDOException $e) {
  68.     echo $e->getMessage();
  69. }