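<?php

declare(strict_types=1);

session_start();

// Require once config file (expected to provide $dbh, a PDO connection) and shared helpers.
require_once("../../core/config.php");
require_once("../../functions.php");

/**
 * Login and authenticate user.
 * This is login.php
 *
 * Reads `username` and `password` from $_POST, looks the user up by exact
 * (BINARY) username, compares the stored sha512 digest in PHP, and on success
 * starts an authenticated session and refreshes remember_token / last_ip.
 * Every failure path emits one generic message so the response does not
 * reveal whether the submitted username exists.
 */
try {
    // Accept only scalar strings: a missing field or an array value is rejected
    // here instead of surfacing as a warning / TypeError from strlen().
    $username = $_POST["username"] ?? null;
    $rawPassword = $_POST["password"] ?? null;
    if (!is_string($username) || !is_string($rawPassword)
        || strlen($username) <= 2 || strlen($rawPassword) <= 2) {
        echo '<p class="notis-label">Complete all fields and please try again</p>';
        return false;
    }

    // Stored credentials are unsalted sha512 hex digests, so the same digest is
    // computed here. stripslashes() is deliberately not applied: the prepared
    // statement handles quoting, and stripping would silently alter a real
    // password or username containing a backslash.
    // NOTE(review): unsalted sha512 is a weak password store; moving to
    // password_hash()/password_verify() requires a data migration of the column.
    $passwordHash = hash("sha512", $rawPassword);

    // One lookup by exact username; the digest is compared in PHP with
    // hash_equals() instead of in the WHERE clause, which also removes the
    // earlier redundant existence query.
    $result = $dbh->prepare("SELECT id, username, password FROM users WHERE BINARY username = :username");
    $result->bindParam(":username", $username);
    $result->execute();
    $dataInfo = $result->fetch(PDO::FETCH_OBJ);

    // rowCount() is not reliable for SELECT on every PDO driver; a false fetch
    // is the authoritative "no such user" signal.
    if ($dataInfo !== false && hash_equals((string) $dataInfo->password, $passwordHash)) {
        // Rotate the session id on privilege change to defeat session fixation.
        session_regenerate_id(true);
        $_SESSION["authenticated"] = 1;
        $_SESSION["id"] = $dataInfo->id;
        $_SESSION["username"] = $username;

        $ip = $_SERVER['REMOTE_ADDR'] ?? '';
        $id = $_SESSION["id"];
        // 16 CSPRNG bytes -> 32 hex chars, the same width as the md5 token the
        // column previously held, but unpredictable (md5(str_shuffle()) of
        // username + timestamp + hash was guessable).
        $token = bin2hex(random_bytes(16));

        $query = $dbh->prepare("UPDATE users SET remember_token = :remember_token, last_ip = :last_ip, updated_at = NOW() WHERE id = :id");
        $query->bindParam(':last_ip', $ip);
        $query->bindParam(':remember_token', $token);
        $query->bindParam(":id", $id, PDO::PARAM_INT);
        $query->execute();
    } else {
        // Single message for both "unknown user" and "bad password": the old
        // per-case text allowed username enumeration and echoed the submitted
        // username unescaped (reflected XSS).
        echo '<p class="notis-label">Wrong username or password, please try again</p>';
    }
} catch (PDOException $e) {
    // Driver messages can expose schema or credentials; log them server-side
    // and show the user a generic error.
    error_log('login.php: ' . $e->getMessage());
    echo '<p class="notis-label">Login is temporarily unavailable, please try again later</p>';
}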