<?php /*************** PHP LOGIN SCRIPT V 2.3*********************(c) Balakr

1. <?php
2. /*************** PHP LOGIN SCRIPT V 2.3*********************
3. (c) Balakrishnan 2009. All Rights Reserved
4.  
5. Usage: This script can be used FREE of charge for any commercial or personal projects. Enjoy!
6.  
7. Limitations:
8. - This script cannot be sold.
9. - This script should have copyright notice intact. Dont remove it please...
10. - This script may not be provided for download except from its original site.
11.  
12. For further usage, please contact me.
13.  
14. ***********************************************************/
15. include 'dbc.php';
16.  
17. $err = array();
18.  
19. foreach($_GET as $key => $value) {
20. $get[$key] = filter($value); //get variables are filtered.
21. }
22.  
23. if ($_POST['doLogin']=='Login')
24. {
25.  
26. foreach($_POST as $key => $value) {
27. $data[$key] = filter($value); // post variables are filtered
28. }
29.  
30.  
31. $user_email = $data['usr_email'];
32. $pass = $data['pwd'];
33.  
34.  
35. if (strpos($user_email,'@') === false) {
36. $user_cond = "user_name='$user_email'";
37. } else {
38. $user_cond = "user_email='$user_email'";
39.  
40. }
41.  
42.  
43. $result = mysql_query("SELECT `id`,`pwd`,`full_name`,`approved`,`user_level` FROM users WHERE
44. $user_cond
45. AND `banned` = '0'
46. ") or die (mysql_error());
47. $num = mysql_num_rows($result);
48.  
49. // Match row found with more than 1 results - the user is authenticated.
50. if ( $num > 0 ) {
51.  
52. list($id,$pwd,$full_name,$approved,$user_level) = mysql_fetch_row($result);
53.  
54. if(!$approved) {
55. //$msg = urlencode("Account not activated. Please check your email for activation code");
56. $err[] = "Your account hasn't been approved yet. Please contact an administrator with a request of doing this.";
57.  
58. //header("Location: login.php?msg=$msg");
59. //exit();
60. }
61.  
62. //check against salt
63. if ($pwd === PwdHash($pass,substr($pwd,0,9))) {
64. if(empty($err)){
65.  
66. // this sets session and logs user in
67. session_start();
68. session_regenerate_id (true); //prevent against session fixation attacks.
69.  
70. // this sets variables in the session
71. $_SESSION['user_id']= $id;
72. $_SESSION['user_name'] = $full_name;
73. $_SESSION['user_level'] = $user_level;
74. $_SESSION['HTTP_USER_AGENT'] = md5($_SERVER['HTTP_USER_AGENT']);
75.  
76. //update the timestamp and key for cookie
77. $stamp = time();
78. $ckey = GenKey();
79. mysql_query("update users set `ctime`='$stamp', `ckey` = '$ckey' where id='$id'") or die(mysql_error());
80.  
81. //set a cookie
82.  
83. if(isset($_POST['remember'])){
84. setcookie("user_id", $_SESSION['user_id'], time()+60*60*24*COOKIE_TIME_OUT, "/");
85. setcookie("user_key", sha1($ckey), time()+60*60*24*COOKIE_TIME_OUT, "/");
86. setcookie("user_name",$_SESSION['user_name'], time()+60*60*24*COOKIE_TIME_OUT, "/");
87. }
88. header("Location: hub.php");
89. }
90. }
91. else
92. {
93. //$msg = urlencode("Invalid Login. Please try again with correct user email and password. ");
94. $err[] = "Invalid Login. Please try again with correct user email and password.";
95. //header("Location: login.php?msg=$msg");
96. }
97. } else {
98. $err[] = "Error - Invalid login. No such user exists";
99. }
100. }
101.  
102.  
103.  
104. ?>
105. <html>
106. <head>
107. <title>Atomic Booter &bull; Restricted Area</title>
108. <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
109. <script language="JavaScript" type="text/javascript" src="js/jquery-1.3.2.min.js"></script>
110. <script language="JavaScript" type="text/javascript" src="js/jquery.validate.js"></script>
111. <script>
112. $(document).ready(function(){
113. $("#logForm").validate();
114. });
115. </script>
116. <link href="styles.css" rel="stylesheet" type="text/css">
117.  
118. </head>
119.  
120. <body>
121. <br /><br /><br /><br /><br /><br /><br /><br />
122. <center>
123. <div class="header"><image src="images/logo.png"></div>
124. <div class="content">
125. <p>
126. <?php
127. /******************** ERROR MESSAGES*************************************************
128. This code is to show error messages
129. **************************************************************************/
130. if(!empty($err)) {
131. echo "<div class=\"msg\">";
132. foreach ($err as $e) {
133. echo "$e <br>";
134. }
135. echo "</div>";
136. }
137. /******************************* END ********************************/
138. ?></p>
139. <center>Please enter your login credentials below..</center>
140. <form action="login.php" method="post" name="logForm" id="logForm" >
141. Username: <input name="usr_email" type="text" class="required" id="txtbox" size="25"><br>
142. Password: <input name="pwd" type="password" class="required password" id="txtbox" size="25"><br>
143. <input name="remember" type="checkbox" id="remember" value="1">Remember me<br>
144. <input name="doLogin" type="submit" id="doLogin3" value="Login">
145.  
146. <hr>
147. Getting Attacked By US? Get A Free BlackList To Prevent Attacks Email Markizzcull@gmail.com
148. <hr>
149. By Visiting This Page You Agree To Our Disclaimer And Terms Of Service
150. <div align="center"></div>
151. <p align="center">&nbsp; </p>
152. </form>
153. </div>
154. </div>
155. </div>
156.  
157. </body>
158. </html>