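// Sign-in handler: checks the POSTed username, password and secret code against
// web_users / web_users_authenticater, then either establishes the session and
// redirects onward, or redirects back to the sign-in page with a reason.
//
// Used from the enclosing scope (not defined in this excerpt): $db (mysqli link),
// $set_branch, LoginLogger(), loginFailed(), and an already-started session.
// NOTE(review): $set_branch is never assigned in the visible code — confirm it is
// set before this point.

$login_username    = (isset($_POST['username']) && is_string($_POST['username'])) ? $_POST['username'] : '';
$login_password    = (isset($_POST['password']) && is_string($_POST['password'])) ? $_POST['password'] : '';
$login_secret_code = (isset($_POST['secret_code']) && is_string($_POST['secret_code'])) ? $_POST['secret_code'] : '';
$login_ip_addr     = $_SERVER['REMOTE_ADDR'];

// Validate the username before touching the database. Only letters, digits,
// "_" and "-" are accepted, so no further stripping or escaping is needed.
if (preg_match('/[^a-z_\-0-9]/i', $login_username)) {
    header('Location: /auth/signin.php?loginFailed=true&reason=username');
    exit;
}

// NOTE(review): the password and secret code never reach SQL or HTML here, so
// strip_tags() / stripslashes() / mysqli_real_escape_string() protect nothing
// and silently alter the secret (for example a password containing "<" or a quote).
// They are kept only so existing hashes keep verifying, on the assumption that
// the registration path applies the same transforms — confirm, then remove them
// on both sides.
$login_password    = mysqli_real_escape_string($db, stripslashes(strip_tags($login_password)));
$login_secret_code = mysqli_real_escape_string($db, stripslashes(strip_tags($login_secret_code)));

// Fetch one row by username with a prepared statement; returns null when the
// statement fails or no row matches.
$fetch_row = function ($sql) use ($db, $login_username) {
    $stmt = mysqli_prepare($db, $sql);
    if ($stmt === false) {
        return null;
    }
    $row = null;
    mysqli_stmt_bind_param($stmt, 's', $login_username);
    if (mysqli_stmt_execute($stmt)) {
        $result = mysqli_stmt_get_result($stmt);
        if ($result !== false) {
            $fetched = mysqli_fetch_array($result);
            $row = is_array($fetched) ? $fetched : null;
        }
    }
    mysqli_stmt_close($stmt);
    return $row;
};

// Read a column from a possibly-missing row without raising notices.
$field = function ($row, $key) {
    return (is_array($row) && isset($row[$key])) ? $row[$key] : null;
};

$user_data = $fetch_row('SELECT * FROM web_users WHERE username = ? LIMIT 1');
$auth_data = $fetch_row('SELECT * FROM web_users_authenticater WHERE username = ? LIMIT 1');

// auth_data (cast to string: prepared statements may return native integers)
$auth_code = (string) $field($auth_data, 'auth_code');

// user_data
$id                = $field($user_data, 'id');
$user_username     = $field($user_data, 'username');
$user_password     = $field($user_data, 'password');
$user_admin        = $field($user_data, 'is_admin');
$user_mod          = $field($user_data, 'mod');
$is_user           = $field($user_data, 'user');
$user_email        = $field($user_data, 'email');
$tokenid           = $field($user_data, 'tokenid');
$is_auth           = $field($user_data, 'is_auth');
$confirmed         = $field($user_data, 'is_confirmed');
$banned            = $field($user_data, 'is_banned');
$check_secret_code = $field($user_data, 'secret_code');

// password_verify() re-hashes the submitted password with the parameters stored
// in the hash and compares; it does not recover the original password.
$password_ok = ($user_data !== null) && password_verify($login_password, (string) $user_password);

// Constant-time, strict comparison of the secret code. The original used "==",
// which also matched an empty submission against a missing auth row (null).
$code_ok = ($auth_code !== '') && hash_equals($auth_code, $login_secret_code);

// No stored code and none submitted: the original let this through the
// credential check and bounced it later with reason=secret_code. That redirect
// is preserved below, but no session is created for it any more.
$code_absent = ($auth_code === '') && ($login_secret_code === '');

if (!$password_ok || !($code_ok || $code_absent)) {
    loginFailed($login_username, $tokenid, $set_branch, $user_email, $login_ip_addr, $user_admin);
    header('Location: /auth/signin.php?loginFailed=true&reason=check');
    exit;
}

LoginLogger($login_username, $tokenid, $set_branch, $user_email, $login_ip_addr, $user_admin);

// Account-state gates run BEFORE any session data is written, in the original
// order. Previously the session was populated first, so the secret_code branch
// redirected away while leaving an authenticated session behind.
$rejection = null;
if ((int) $confirmed === 0) {
    $rejection = 'not_confirmed';
} elseif ($login_secret_code === '') {
    $rejection = 'secret_code';
} elseif ((int) $banned === 1) {
    $rejection = 'blocked';
}

if ($rejection !== null) {
    session_destroy();
    // The original spelled this parameter "LoginFailed" for secret_code only;
    // normalised to match every other redirect.
    header('Location: /auth/signin.php?loginFailed=true&reason=' . $rejection);
    exit;
}

// Sign-in accepted: issue a fresh session id so a pre-login id cannot be reused.
session_regenerate_id(true);
$_SESSION['username'] = $login_username;
$_SESSION['id']       = $id;

// Record the client IP. The original statement was "INSERT ... WHERE" with an
// undefined $username, which is not valid SQL; an UPDATE of the signed-in
// user's row appears to be the intent.
$ip_stmt = mysqli_prepare($db, 'UPDATE `web_users` SET `user_ip` = ? WHERE username = ?');
if ($ip_stmt !== false) {
    mysqli_stmt_bind_param($ip_stmt, 'ss', $login_ip_addr, $login_username);
    mysqli_stmt_execute($ip_stmt);
    mysqli_stmt_close($ip_stmt);
}

// Role flags; the e-mail is stored as soon as any role applies.
if ((int) $is_user === 1) {
    $_SESSION['user']  = 1;
    $_SESSION['email'] = $user_email;
}
if ((int) $user_admin === 1) {
    $_SESSION['admin'] = 1;
    $_SESSION['email'] = $user_email;
}
if ((int) $user_mod === 1) {
    $_SESSION['is_mod'] = 1;
    $_SESSION['email']  = $user_email;
}

// Every redirect is followed by exit so nothing after this block runs for a
// request that has already been sent elsewhere.
if ((int) $is_auth === 0) {
    header('Location: /auth/handshake.php?tokenid=' . urlencode((string) $tokenid));
    exit;
}
if ((int) $is_auth === 1) {
    header('Location: /gebruikers/profiel.php');
    exit;
}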
- }