Beispiel #1
require_once __DIR__ . '/../includes/mysqli_connect.php';
require_once __DIR__ . '/../includes/functions.php';
// Password login handler: looks up the posted username, compares a SHA-256 digest of the
// posted password with the stored value, and populates the session on success.
// NOTE(review): this listing is an excerpt. Closing braces and some statements are missing,
// and the value inside the SELECT literal is masked ('******') by the page it came from.

// strip_tags() only removes HTML/PHP tags; it does not make a value safe to place in SQL.
$username = strip_tags($_POST['username']);
// A single unsalted SHA-256 is fast to brute-force offline if the users table leaks.
// password_hash() at registration and password_verify() here are the supported replacements.
$password = hash("sha256", $_POST['password']);
$timestamp = date('Y-m-d H:i:s');
//Check for a record that matches the POSTed credentials
// NOTE(review): the query is assembled as a string. If the masked part is the interpolated
// $username, it should be a prepared statement with a bound parameter instead.
$query = "SELECT * FROM users WHERE username = '******'";
$result = $mysqli->query($query);
// query() returns false on failure; $result is used here and on the next line without that check.
$user = mysqli_fetch_assoc($result);
if ($result->num_rows == 0) {
    // Distinct "unknown username" and "wrong password" messages let a client learn which
    // usernames exist; a single generic failure message avoids that.
    echo "<span class='message-danger' style='margin-bottom: 15px'><i class='fa fa-times-circle' style='font-size:20px'></i> Sorry, this username does not exist.</span>";
} else {
    // `!=` is a loose comparison (two numeric-looking strings are compared as numbers) and is
    // not constant-time; hash_equals() is the appropriate comparison for digests.
    if ($user['password'] != $password) {
        echo "<span class='message-danger' style='margin-bottom: 15px'><i class='fa fa-times-circle' style='font-size:20px'></i> Sorry, this password is incorrect.</span>";
    } else {
        if ($user['active'] != 1) {
            echo "<span class='message-danger' style='margin-bottom: 15px'><i class='fa fa-times-circle' style='font-size:20px'></i> You need to activate your account first!</span>";
// NOTE(review): this condition does not re-check the password itself; whether it is only
// reached after the checks above depends on the nesting, which the excerpt does not show.
if ($result->num_rows == 1 && $user['active'] == 1) {
    // NOTE(review): no session_regenerate_id() is visible before the session is populated;
    // confirm it happens in the omitted lines.
    $_SESSION['user'] = $username;
    if (strlen($user['fb_id']) > 0) {
        $_SESSION['fbId'] = $user['fb_id'];
    // Audit row built by interpolation; the positional VALUES list depends on the table's column order.
    mysqli_query($mysqli, "INSERT INTO session_history VALUES ({$user['id']}, 'login', '{$timestamp}')");
    // Read without isset(): a request that omits the field raises an undefined-index notice.
    if ($_POST['rememberme']) {
/**
 * Links or creates a local account for a Facebook profile and records the event in session_history.
 *
 * NOTE(review): this listing is an excerpt; the opening/closing braces and some statements
 * are missing. Every parameter is interpolated directly into SQL text below. Where the
 * values come from is not shown; presumably they are profile fields supplied by the caller,
 * so they should be treated as untrusted and bound through prepared statements.
 *
 * @param mixed $fbId        Facebook id, matched against users.fb_id.
 * @param mixed $fbFirstName Written to users.fb_fname.
 * @param mixed $fbLastName  Written to users.fb_lname.
 * @param mixed $fbEmail     Written to users.email when its length is greater than 0.
 * @param mixed $userId      Id of an already known local user, or a falsy value.
 *
 * @return int In the visible lines: 1 when a row with this fb_id exists and $userId is truthy,
 *             2 when no such row exists and the Facebook data was attached to $userId,
 *             otherwise 0.
 */
function checkFbUser($fbId, $fbFirstName, $fbLastName, $fbEmail, $userId)
    $mysqli = getMysqli();
    // NOTE(review): the host part of this URL appears to have been stripped by the source page.
    $image = "//{$fbId}/picture";
    $timestamp = date('Y-m-d H:i:s');
    // query() returns false on failure; ->num_rows is dereferenced here without that check.
    if ($mysqli->query("SELECT * FROM users WHERE fb_id = '{$fbId}'")->num_rows !== 0) {
        // we have this user. just log him in, and update his info
        if ($userId) {
            $respCode = 1;
        } else {
            $updateQuery = "UPDATE users SET fb_fname='{$fbFirstName}', fb_lname='{$fbLastName}' WHERE fb_id='{$fbId}'";
            //$updateQuery = "UPDATE users SET fb_name='$fbFullName' WHERE fb_id='$fbId'";
            mysqli_query($mysqli, $updateQuery);
            // From here on $userId holds the fetched row (id, username), not a scalar id.
            $userId = mysqli_fetch_assoc($mysqli->query("SELECT id, username FROM users WHERE fb_id='{$fbId}'"));
            mysqli_query($mysqli, "INSERT INTO session_history VALUES ({$userId['id']}, 'fb_login', '{$timestamp}')");
            if (strlen($userId['username']) > 0) {
                $_SESSION['user'] = $userId['username'];
    } else {
        if ($userId) {
            // we have a user, but no facebook information. update it
            // $userId is placed in a numeric context without quotes, so it needs an integer
            // cast or a bound parameter; quoting alone would not apply here.
            $updateQuery = "UPDATE users SET fb_id='{$fbId}', fb_fname='{$fbFirstName}', fb_lname='{$fbLastName}', image='{$image}'" . (strlen($fbEmail) > 0 ? ", email='{$fbEmail}'" : "") . " WHERE id={$userId}";
            mysqli_query($mysqli, $updateQuery);
            mysqli_query($mysqli, "INSERT INTO session_history VALUES ({$userId}, 'fb_login', '{$timestamp}')");
            $respCode = 2;
        } else {
            // we don't have this user. Add him to the DB, make him active
            // The e-mail is turned into a quoted SQL literal (or the keyword NULL) by hand.
            $fbEmail = strlen($fbEmail) > 0 ? "'{$fbEmail}'" : "NULL";
            // rand(0, 1000) yields only 1001 possible values, so this digest is guessable.
            // NOTE(review): if this column is used as an activation or reset token, generate it
            // with random_bytes() instead; the column's purpose is not shown here.
            $hash = md5(rand(0, 1000));
            // Positional INSERT: the meaning of each value depends on the users table's column order.
            $createUserQuery = "INSERT INTO users VALUES (NULL, NULL, NULL, '{$fbId}', '{$fbFirstName}', '{$fbLastName}', {$fbEmail}, '{$image}', 0, 1, 1, '{$hash}', '', '', 1)";
            mysqli_query($mysqli, $createUserQuery);
            $userId = mysqli_fetch_assoc($mysqli->query("SELECT id FROM users WHERE fb_id='{$fbId}'"))['id'];
            mysqli_query($mysqli, "INSERT INTO session_history VALUES ({$userId}, 'fb_signup', '{$timestamp}')");
            //echo $createUserQuery;
    // $respCode is only assigned in two of the visible branches; in the others it is undefined
    // here (a notice/warning) and the function returns 0.
    return $respCode ? $respCode : 0;
    // Copies the "full" login form fields onto the names the handler below reads.
    // NOTE(review): the enclosing condition is not part of this excerpt, and closing braces
    // further down are missing as well.
    $_POST['login_username'] = $_POST['full_login_username'];
    $_POST['login_password'] = $_POST['full_login_password'];
if (isset($_POST['login_username']) && isset($_POST['login_password'])) {
    // Clean up the post data
    // strip_tags() removes HTML/PHP tags only; it is not SQL escaping.
    $username = strip_tags($_POST['login_username']);
    //hash the entered password for comparison with the db
    // Unsalted single-round SHA-256; password_hash()/password_verify() are the supported replacements.
    $password = hash("sha256", $_POST['login_password']);
    //Check for a record that matches the POSTed credentials
    // NOTE(review): both values in this literal are masked ('******') by the source page. If they
    // are the interpolated $username/$password, use a prepared statement with bound parameters.
    $query = "SELECT * FROM users WHERE username = '******' AND password = '******';";
    $result = $mysqli->query($query);
    // $result is passed to mysqli_fetch_assoc() before the `$result &&` check on the next line.
    $user = mysqli_fetch_assoc($result);
    if ($result && $result->num_rows == 1 && $user['active'] == 1) {
        // Stores the raw POST value rather than $username or the username from the fetched row;
        // a later query in this listing builds SQL from $_SESSION, so this value must not be
        // trusted there.
        $_SESSION['user'] = $_POST['login_username'];
        if (isset($_POST['stay-logged']) || isset($_POST['stay-logged-full'])) {
    // $result is the mysqli_result object, not the row; the id is in $user['id'].
    // NOTE(review): $timestamp is not assigned anywhere in the visible part of this snippet.
    mysqli_query($mysqli, "INSERT INTO session_history VALUES ({$result['id']}, 'login', '{$timestamp}')");
// Restores a session from a "remember me" lookup, then selects the account row for the
// logged-in user. NOTE(review): closing braces are missing from this excerpt.
$remembered = rememberMe();
if ($remembered) {
    // $remembered goes into the query unquoted. rememberMe() is not shown; presumably it
    // derives the id from a cookie, in which case it needs an integer cast or a bound parameter.
    $account = mysqli_fetch_assoc($mysqli->query("SELECT * FROM users WHERE id={$remembered}"));
    $_SESSION['user'] = $account['username'];
    $_SESSION['fbId'] = $account['fb_id'];
// $loggedIn is not assigned in the visible lines.
if ($loggedIn) {
    $fb = isset($_SESSION['fbId']);
    // Assigns a boolean to $user, replacing any row stored under that name earlier.
    $user = isset($_SESSION['user']);
    // NOTE(review): the second literal is garbled by the source page's masking; it presumably
    // interpolates $_SESSION['user']. Session values are written from request data elsewhere
    // in this listing, so this lookup should bind them as parameters rather than interpolate.
    $dbAccountFinder = $fb ? "fb_id='{$_SESSION['fbId']}'" : "username='******'user']}'";
    $accountQuery = "SELECT * FROM users WHERE {$dbAccountFinder}";
Beispiel #4
/**
 * Writes the submitted credentials to a client config file, then polls a status file for the
 * login result.
 *
 * NOTE(review): this listing is an excerpt; the function's braces, the bodies of the polling
 * loops and other statements are missing. getP(), getConfigFullName(), getStatusFullName() and
 * getPasswordHash() are defined elsewhere.
 *
 * @return string A hand-built JSON object: '{ "success": true }' when the status file contains
 *                "login successful", otherwise an object with "success": false and a "message".
 */
function doLogin()
    // presumably getP() reads a request parameter; verify against its definition
    $user = getP('user');
    $pass = getP('pass');
    //Config file contents
    // The config format is line-based. Neither value is checked for CR/LF before being written,
    // so a value containing a line break would add extra lines to the file; reject or strip
    // line breaks (and the <quote> marker in the password) before writing.
    $configStr = "UserName {$user}\n";
    // NOTE(review): no `global $savePasswordHash` is visible. If none exists in the omitted
    // lines, the variable is undefined in function scope and the plaintext branch always runs.
    if (!$savePasswordHash) {
        // Stores the password in clear text in the config file.
        $configStr .= "Password <quote>{$pass}<quote>\n";
    } else {
        $configStr .= "HashedPassword " . getPasswordHash($pass) . "\n";
    $configFile = getConfigFullName();
    //Check that the config file already exists; the visible code returns an error instead of creating it
    if (!file_exists($configFile)) {
        return '{ "success": false, "message": "Config file not found"}';
    //Write config file
    // One shared path without LOCK_EX: concurrent logins would overwrite each other's credentials.
    if (!file_put_contents($configFile, $configStr)) {
        return '{ "success": false, "message": "Can not write config file"}';
    $retriesFRead = 0;
    $statusFile = getStatusFullName();
    //Check few times if client writes a health file
    // NOTE(review): nothing visible removes an older status file before polling; confirm that a
    // result left over from a previous attempt cannot be read as the outcome of this one.
    while (!file_exists($statusFile)) {
        if ($retriesFRead >= 30) {
    $retriesFRead1 = 0;
    $statusFileStr = "";
    //Check few times if health file status is successful login
    if (file_exists($statusFile)) {
        while (strpos($statusFileStr, "login successful") === FALSE) {
            // file_get_contents() returns false on failure; that case is not handled in the visible lines.
            $statusFileStr = file_get_contents($statusFile);
            if ($retriesFRead1 >= 30) {
    if (function_exists('onLogin')) {
    $failureDetails = "";
    if (strpos($statusFileStr, "login successful") !== FALSE) {
        return '{ "success": true }';
    } else {
        if (strpos($statusFileStr, "login failed") !== FALSE) {
            // split() was removed in PHP 7.0; explode("\n", ...) is the replacement.
            $statusFileArr = split("\n", $statusFileStr);
            if (is_array($statusFileArr) && count($statusFileArr) > 1) {
                // Second line of the status file is used as the failure detail.
                $failureDetails = '. ' . ucfirst($statusFileArr[1]);
    // The detail text is concatenated into the JSON without json_encode(), so quotes or
    // backslashes in the status file produce invalid JSON or alter its structure.
    return '{ "success": false, "message": "Login failed' . $failureDetails . '"}';