|
|
|
@@ -7,33 +7,29 @@ |
|
|
|
<BODY> |
|
|
|
<CENTER> |
|
|
|
<?php |
|
|
|
include_once ('connection.php'); |
|
|
|
require "lib/password.php"; |
|
|
|
$con = new mysqli(DATABASE_HOST, DATABASE_USER, DATABASE_PASS, DATABASE_NAME); |
|
|
|
include_once ('connect.php'); |
|
|
|
$con = mysqli_connect(DATABASE_HOST, DATABASE_USER, DATABASE_PASS, DATABASE_NAME); |
|
|
|
session_start(); |
|
|
|
$username = mysqli_real_escape_string($con, $_POST['username']); |
|
|
|
$password = mysqli_real_escape_string($con, $_POST['password']); |
|
|
|
# $password = sha1($password); //this is the original line of code, just found sha1isn't any better than md5 |
|
|
|
$passhash = password_hash($password, PASSWORD_BCRYPT, array("cost" => 15)); |
|
|
|
$password = $_POST['password']; |
|
|
|
|
|
|
|
if ($con->connect_errno > 0){ |
|
|
|
die ('Unable to connect to database [' . $db->connect_errno . ']'); |
|
|
|
} |
|
|
|
$sqllogin = "SELECT * FROM users WHERE users.username = '$username' and passwd = '$passhash'"; |
|
|
|
if ($result = $con->query($sqllogin)){ |
|
|
|
$row_cnt = mysqli_num_rows($result); |
|
|
|
if ($row_cnt > 0){ |
|
|
|
while ($row = $result->fetch_array()){ |
|
|
|
$uname = $row['username']; |
|
|
|
$uid = $row['userid']; |
|
|
|
$_SESSION['username'] = $uname; |
|
|
|
$_SESSION['userid'] = $uid; |
|
|
|
} |
|
|
|
header("refresh:1;url=index.php"); |
|
|
|
echo 'You have successfully logged in ...<BR />Returning to index in a few seconds</CENTER>'; |
|
|
|
} else { |
|
|
|
echo 'That was not a valid username or password!<BR /><BR />'; |
|
|
|
echo 'Please try again <A HREF="index.php" CLASS="navlink">here</A></CENTER>'; |
|
|
|
} |
|
|
|
$sqluname = "select * from userinfo where username = '$username'"; |
|
|
|
$result = mysqli_query($con, $sqluname); |
|
|
|
$row = mysqli_fetch_row ($result); |
|
|
|
$verifypass = password_verify ($password,$row[2]); |
|
|
|
if ($verifypass) { |
|
|
|
$_SESSION['userid'] = $row[0]; |
|
|
|
$_SESSION['username'] = $row[1]; |
|
|
|
$_SESSION['usermail'] = $row[3]; |
|
|
|
$_SESSION['admin'] = $row[4]; |
|
|
|
include_once ('header.php'); |
|
|
|
header("refresh:1;url=index.php"); |
|
|
|
echo '<center>You have successfully logged in!<br />'; |
|
|
|
} else { |
|
|
|
echo 'The username or password provided don\'t match!<br />Please <a href="index.php" class="navlink">try again</a><br />'; |
|
|
|
exit(); |
|
|
|
} |
|
|
|
include_once ('footer.php'); |
|
|
|
?> |
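Review bot: The success branch under `if ($verifypass)` assigns `$_SESSION['userid']`, `$_SESSION['username']` and `$_SESSION['admin']` without first calling `session_regenerate_id(true)`, so a session id set before login stays valid afterwards and now carries the admin flag. The lookup also interpolates `$username` into the `select * from userinfo` string; the +/- markers are lost on this page, so it is unclear whether the `mysqli_real_escape_string` line survives, and a bound parameter removes that dependence either way (bind the raw POST value, not an escaped copy). `$row[2]` and `$row[4]` depend on the column order of `select *`, so naming the columns in the query would keep a schema change from silently shifting what lands in `$_SESSION['admin']`. The connection-error check appears to be dropped and `mysqli_fetch_row` returns no array for an unknown user, so the sketch below guards `$row` before `password_verify`; note that `mysqli_stmt_get_result` needs the mysqlnd driver.

```php
// … unchanged: connect.php include, mysqli_connect, session_start …
if (!$con) {
    die('Unable to connect to database [' . mysqli_connect_errno() . ']');
}

$username = isset($_POST['username']) ? $_POST['username'] : '';
$password = isset($_POST['password']) ? $_POST['password'] : '';

$stmt = mysqli_prepare($con, "select * from userinfo where username = ?");
mysqli_stmt_bind_param($stmt, 's', $username);
mysqli_stmt_execute($stmt);
$row = mysqli_fetch_row(mysqli_stmt_get_result($stmt));

if (is_array($row) && password_verify($password, $row[2])) {
    // Issue a fresh session id at the privilege change.
    session_regenerate_id(true);
    // … unchanged: $_SESSION assignments, header.php include, refresh, success message …
```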