gravvy

Untitled

Sep 21st, 2017
<?php
// Session and login helpers shared by the members-area pages.
// config.php is expected to define SECURE, which sec_session_start()
// passes as the "secure" flag of the session cookie.

include_once 'config.php';
  4.  
  5. function sec_session_start() {
  6. $session_name = 'sec_session_id'; // Set a custom session name
  7. $secure = SECURE;
  8.  
  9. // This stops JavaScript being able to access the session id.
  10. $httponly = true;
  11.  
  12. // Forces sessions to only use cookies.
  13. if (ini_set('session.use_only_cookies', 1) === FALSE) {
  14. header("Location: ../error.php?err=Could not initiate a safe session (ini_set)");
  15. exit();
  16. }
  17.  
  18. // Gets current cookies params.
  19. $cookieParams = session_get_cookie_params();
  20. session_set_cookie_params($cookieParams["lifetime"], $cookieParams["path"], $cookieParams["domain"], $secure, $httponly);
  21.  
  22. // Sets the session name to the one set above.
  23. session_name($session_name);
  24.  
  25. session_start(); // Start the PHP session
  26. session_regenerate_id(); // regenerated the session, delete the old one.
  27. }
  28.  
  29. function login($email, $password, $mysqli) {
  30. // Using prepared statements means that SQL injection is not possible.
  31. if ($stmt = $mysqli->prepare("SELECT id, username, password, salt
  32. FROM members
  33. WHERE email = ? LIMIT 1")) {
  34. $stmt->bind_param('s', $email); // Bind "$email" to parameter.
  35. $stmt->execute(); // Execute the prepared query.
  36. $stmt->store_result();
  37.  
  38. // get variables from result.
  39. $stmt->bind_result($user_id, $username, $db_password, $salt);
  40. $stmt->fetch();
  41.  
  42. // hash the password with the unique salt.
  43. $password = hash('sha512', $password . $salt);
  44. if ($stmt->num_rows == 1) {
  45. // If the user exists we check if the account is locked
  46. // from too many login attempts
  47. if (checkbrute($user_id, $mysqli) == true) {
  48. // Account is locked
  49. // Send an email to user saying their account is locked
  50. return false;
  51. } else {
  52. // Check if the password in the database matches
  53. // the password the user submitted.
  54. if ($db_password == $password) {
  55. // Password is correct!
  56. // Get the user-agent string of the user.
  57. $user_browser = $_SERVER['HTTP_USER_AGENT'];
  58.  
  59. // XSS protection as we might print this value
  60. $user_id = preg_replace("/[^0-9]+/", "", $user_id);
  61. $_SESSION['user_id'] = $user_id;
  62.  
  63. // XSS protection as we might print this value
  64. $username = preg_replace("/[^a-zA-Z0-9_\-]+/", "", $username);
  65.  
  66. $_SESSION['username'] = $username;
  67. $_SESSION['login_string'] = hash('sha512', $password . $user_browser);
  68.  
  69. // Login successful.
  70. return true;
  71. } else {
  72. // Password is not correct
  73. // We record this attempt in the database
  74. $now = time();
  75. if (!$mysqli->query("INSERT INTO login_attempts(user_id, time)
  76. VALUES ('$user_id', '$now')")) {
  77. header("Location: ../error.php?err=Database error: login_attempts");
  78. exit();
  79. }
  80.  
  81. return false;
  82. }
  83. }
  84. } else {
  85. // No user exists.
  86. return false;
  87. }
  88. } else {
  89. // Could not create a prepared statement
  90. header("Location: ../error.php?err=Database error: cannot prepare statement");
  91. exit();
  92. }
  93. }
  94.  
  95. function checkbrute($user_id, $mysqli) {
  96. // Get timestamp of current time
  97. $now = time();
  98.  
  99. // All login attempts are counted from the past 2 hours.
  100. $valid_attempts = $now - (2 * 60 * 60);
  101.  
  102. if ($stmt = $mysqli->prepare("SELECT time
  103. FROM login_attempts
  104. WHERE user_id = ? AND time > '$valid_attempts'")) {
  105. $stmt->bind_param('i', $user_id);
  106.  
  107. // Execute the prepared query.
  108. $stmt->execute();
  109. $stmt->store_result();
  110.  
  111. // If there have been more than 5 failed logins
  112. if ($stmt->num_rows > 5) {
  113. return true;
  114. } else {
  115. return false;
  116. }
  117. } else {
  118. // Could not create a prepared statement
  119. header("Location: ../error.php?err=Database error: cannot prepare statement");
  120. exit();
  121. }
  122. }
  123.  
  124. function login_check($mysqli) {
  125. // Check if all session variables are set
  126. if (isset($_SESSION['user_id'], $_SESSION['username'], $_SESSION['login_string'])) {
  127. $user_id = $_SESSION['user_id'];
  128. $login_string = $_SESSION['login_string'];
  129. $username = $_SESSION['username'];
  130.  
  131. // Get the user-agent string of the user.
  132. $user_browser = $_SERVER['HTTP_USER_AGENT'];
  133.  
  134. if ($stmt = $mysqli->prepare("SELECT password
  135. FROM members
  136. WHERE id = ? LIMIT 1")) {
  137. // Bind "$user_id" to parameter.
  138. $stmt->bind_param('i', $user_id);
  139. $stmt->execute(); // Execute the prepared query.
  140. $stmt->store_result();
  141.  
  142. if ($stmt->num_rows == 1) {
  143. // If the user exists get variables from result.
  144. $stmt->bind_result($password);
  145. $stmt->fetch();
  146. $login_check = hash('sha512', $password . $user_browser);
  147.  
  148. if ($login_check == $login_string) {
  149. // Logged In!!!!
  150. return true;
  151. } else {
  152. // Not logged in
  153. return false;
  154. }
  155. } else {
  156. // Not logged in
  157. return false;
  158. }
  159. } else {
  160. // Could not prepare statement
  161. header("Location: ../error.php?err=Database error: cannot prepare statement");
  162. exit();
  163. }
  164. } else {
  165. // Not logged in
  166. return false;
  167. }
  168. }
  169.  
  170. function esc_url($url) {
  171.  
  172. if ('' == $url) {
  173. return $url;
  174. }
  175.  
  176. $url = preg_replace('|[^a-z0-9-~+_.?#=!&;,/:%@$\|*\'()\\x80-\\xff]|i', '', $url);
  177.  
  178. $strip = array('%0d', '%0a', '%0D', '%0A');
  179. $url = (string) $url;
  180.  
  181. $count = 1;
  182. while ($count) {
  183. $url = str_replace($strip, '', $url, $count);
  184. }
  185.  
  186. $url = str_replace(';//', '://', $url);
  187.  
  188. $url = htmlentities($url);
  189.  
  190. $url = str_replace('&amp;', '&#038;', $url);
  191. $url = str_replace("'", '&#039;', $url);
  192.  
  193. if ($url[0] !== '/') {
  194. // We're only interested in relative links from $_SERVER['PHP_SELF']
  195. return '';
  196. } else {
  197. return $url;
  198. }
  199. }