function user_get($db, $username, $password)
{
$sql = $db->prepare('
SELECT id, username, password
FROM users
WHERE username = :username
LIMIT 1
');
$sql->bindvalue(':username', $username, PDO::PARAM_STR);
$sql->execute();
$user = $sql->fetch();
if (empty($user) || !password_match($password, $user['password'])) {
return false;
}
return $user['id'];
}
$country = $_POST["country"];
$security = $_POST["security"];
$answer = $_POST["answer"];
// check if password matches
if (!password_match($password, $password_confirm)) {
?>
<p>Password doesn't match!</p>
<?php
}
if (!check_email_username($email, $username)) {
?>
<p>Email or username already exist!</p>
<?php
}
// check if pass all the tests
if (password_match($password, $password_confirm) && check_email_username($email, $username)) {
print "siginin";
sign_up($username, $lastname, $email, $password, $gender, $city, $state, $country, $security, $answer);
// start the session, remember the user name
session_start();
$db = new PDO("mysql:dbname=database; host=localhost", "root", "root");
$email = $db->quote($email);
$rows = $db->query("SELECT * FROM user WHERE email = {$email}");
foreach ($rows as $row) {
$_SESSION["username"] = $row["username"];
}
?>
<p>Welcome to Foodcart! <?php
echo $username;
?>
</p>
function access_verify_login($p_username, $p_password)
{
global $g_phpWN_user_table;
$c_username = db_prepare_string($p_username);
### get user info
$query = "SELECT *\r\n\t\t\t\tFROM {$g_phpWN_user_table}\r\n\t\t\t\tWHERE username='******' AND enabled=1";
$result = db_query($query);
$row = db_fetch_array($result);
if ($row) {
extract($row, EXTR_PREFIX_ALL, 'v');
} else {
### invalid login, retry
return false;
}
return password_match($p_password, $v_password);
}
function login()
{
if (SESSION_EMPTY() && GET('action') == 'login') {
if (password_match(POST('password'), POST('login'))) {
$_SESSION["remote_user"] = POST('login');
$_GET["action"] = POST('oldaction');
set_get_post('category');
set_get_post('subcategory');
return true;
}
}
return false;
}
# See the files README and LICENSE for details
# --------------------------------------------------------
# $Id: login.php,v 1.14 2002/09/26 12:03:58 vboctor Exp $
# --------------------------------------------------------
require_once 'core' . DIRECTORY_SEPARATOR . 'api.php';
$f_username = gpc_get_string('f_username');
$f_password = gpc_get_string('f_password');
$f_perm_login = gpc_get_string('f_perm_login', 'off');
$row = user_get_info(user_where_username_equals_and_enabled($f_username));
if ($row) {
extract($row, EXTR_PREFIX_ALL, 'v');
} else {
### invalid login, retry
util_header_redirect("{$g_login_page}?f_msg=error");
}
if (password_match($f_password, $v_password)) {
### set permanent cookie (1 year)
if (isset($f_perm_login) && $f_perm_login == "on") {
if (!setcookie($g_string_cookie, $v_cookie_string, time() + $g_cookie_time_length, $g_cookie_url)) {
# @@@@ Proper error message
echo "Unable to set cookie";
exit;
}
} else {
if (!setcookie($g_string_cookie, $v_cookie_string, 0, $g_cookie_url)) {
# @@@@ Proper error message
echo "Unable to set cookie";
exit;
}
}
util_header_redirect($g_admin_page);