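/**
 * Authenticate the current request and return the logged-in user's ID.
 *
 * Flow: force HTTPS, short-circuit when the session already holds a user,
 * otherwise verify the submitted username/password against the Users table.
 * On any failure (unknown user, wrong password, database error) the
 * failed-login view is rendered and the script exits; with no credentials
 * submitted the main page is rendered and the script exits.
 *
 * @return mixed the session's userID (from a previous login or this one)
 */
function verifyLogin()
{
    // Always move to HTTPS before touching credentials.
    redirectToHTTPS();

    // Already authenticated: nothing more to do.
    if (isset($_SESSION['username'])) {
        return $_SESSION['userID'];
    }

    // No credentials submitted: show the main page and stop.
    // NOTE(review): $_REQUEST also accepts GET and cookie values, so a password
    // can end up in server/proxy logs and browser history; the login form
    // should POST and this should read $_POST instead.
    if (!isset($_REQUEST['username'], $_REQUEST['password'])) {
        require 'Login/View/mainpage.php';
        exit;
    }

    $username = $_REQUEST['username'];
    $password = $_REQUEST['password'];

    try {
        // NOTE(review): database credentials belong in a config file outside
        // the document root, not in source; kept here only to preserve behaviour.
        $db = new PDO("mysql:host=localhost;dbname=Island_Cars;charset=utf8", "root", "200337226");
        $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
        $db->setAttribute(PDO::ATTR_EMULATE_PREPARES, false);

        // Bind the submitted username instead of a fixed literal so the lookup
        // actually selects the requested account and cannot be injected.
        $statement = $db->prepare('SELECT * FROM Users WHERE UserName = :username');
        $statement->execute([':username' => $username]);

        $row = $statement->fetch();

        // Unknown user and wrong password take the same path, so the response
        // does not reveal which usernames exist.
        if ($row === false) {
            require 'Login/View/failed_login.php';
            exit;
        }

        // Password column holds a crypt() hash prefixed with its salt (see the
        // original comment); compare in constant time and never echo the hash
        // or the recomputed value back to the client.
        // NOTE(review): if existing rows still hold plaintext passwords they
        // must be re-hashed before this comparison will succeed.
        $hashword = $row['Password'];
        if (!is_string($hashword) || $hashword === '' || !hash_equals($hashword, crypt($password, $hashword))) {
            require 'Login/View/failed_login.php';
            exit;
        }

        $_SESSION['username'] = $row['UserName'];
        $_SESSION['userID'] = htmlspecialchars($row['userID']);
    } catch (PDOException $exception) {
        // Connection or query failure: treat as a failed login, leak no details.
        require 'Login/View/failed_login.php';
        exit;
    }

    // Fresh session ID after login, so an ID captured before the HTTPS
    // redirect is useless from here on.
    changeSessionID();

    // Return the same value the already-logged-in branch returns.
    return $_SESSION['userID'];
}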
*/

// Start output buffering and the session once, only if no session is active yet.
if (session_id() == '') {
    ob_start();
    session_start();
}

/*
 * REQUIRED FILES
 */
require_once 'inc/functions.php';
require_once 'inc/globalVars.php';

// Skip the HTTPS redirect for local development.
// $domain and the $sql* variables are presumably defined in inc/globalVars.php — confirm.
if ($domain != 'localhost') {
    redirectToHTTPS();
}

/*
 * DEFINE SQL
 */
// NOTE(review): the mysql_* extension was removed in PHP 7, so this block only
// runs on PHP 5.x; the die() messages are sent straight to the client.
$connection = mysql_connect($sqlHost, $sqlUsername, $sqlPassword);
if (!$connection) {
    die("Error connecting to database server");
}
if (!mysql_select_db($sqlDatabase, $connection)) {
    die("Error selecting database.");
}

/*
 * PAGE/METHOD VARIABLES
 */
#remove the directory path we don't want
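/**
 * Authenticate the current request and enforce an optional role.
 *
 * Flow: force HTTPS; if the session already holds a user, return their uid
 * when the role matches (or no role is required) and exit otherwise. With
 * submitted credentials, verify them against the users table, then apply the
 * same role check. Any failure renders a view and exits.
 *
 * @param string $role required role, or '' when any logged-in user is allowed
 * @return mixed the user's uid when authenticated and authorised
 */
function verifyLogin($role)
{
    // Always move to HTTPS before touching credentials.
    redirectToHTTPS();

    // Already authenticated: only the role still needs checking.
    if (isset($_SESSION['username'])) {
        if (_verifyLoginRoleAllowed($role)) {
            return $_SESSION['uid'];
        }
        // Logged in, wrong role. The badRole view is still commented out in the
        // original, so the client currently gets an empty response.
        /*require 'views/badRole.php';*/
        exit;
    }

    // No credentials submitted: show the main page and stop.
    // NOTE(review): $_REQUEST also accepts GET and cookie values, so a password
    // can end up in server/proxy logs; the form should POST and this should
    // read $_POST instead.
    if (!isset($_REQUEST['username'], $_REQUEST['password'])) {
        require 'View/mainpage.php';
        exit;
    }

    $username = $_REQUEST['username'];
    $password = $_REQUEST['password'];

    try {
        // NOTE(review): database credentials belong in a config file outside
        // the document root, not in source; kept here only to preserve behaviour.
        $db = new PDO("mysql:host=localhost;dbname=Grad_Prog_V5;charset=utf8", "root", "200337226");
        $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
        $db->setAttribute(PDO::ATTR_EMULATE_PREPARES, false);

        // Bind the submitted username instead of a fixed literal so the lookup
        // actually selects the requested account and cannot be injected.
        $statement = $db->prepare('SELECT uid, username, hashword, role FROM users WHERE username = :username');
        $statement->execute([':username' => $username]);

        $row = $statement->fetch();

        // Unknown user and wrong password take the same path, so the response
        // does not reveal which usernames exist.
        if ($row === false) {
            require 'View/failed_login.php';
            exit;
        }

        // hashword is a crypt() hash prefixed with its salt; compare in constant
        // time. crypt() returns a short "*" marker on a malformed salt, which can
        // never equal a real stored hash.
        $hashword = $row['hashword'];
        if (!is_string($hashword) || $hashword === '' || !hash_equals($hashword, crypt($password, $hashword))) {
            require 'View/failed_login.php';
            exit;
        }

        $_SESSION['username'] = $row['username'];
        $_SESSION['uid'] = htmlspecialchars($row['uid']);
        $_SESSION['role'] = $row['role'];
        // The role checks read $_SESSION['roles'], which the original never
        // populated (in_array() on a missing key); derive it from the single
        // role column so both checks see the same data.
        $_SESSION['roles'] = [$row['role']];
    } catch (PDOException $exception) {
        // Connection or query failure: treat as a failed login, leak no details.
        require "View/failed_login.php";
        exit;
    }

    // Fresh session ID after login, so an ID captured before the HTTPS
    // redirect is useless from here on.
    changeSessionID();

    if (_verifyLoginRoleAllowed($role)) {
        // Same value the already-logged-in branch returns (original returned nothing here).
        return $_SESSION['uid'];
    }

    // Logged in, wrong role.
    require 'View/mainpage.php';
    exit;
}

/**
 * True when no role is required, or the session's roles list contains $role.
 *
 * Roles are compared as strings so an integer column value and a string
 * argument still match, without the loose-comparison pitfalls of ==.
 *
 * @param string $role required role, '' (or null) for "no requirement"
 * @return bool
 */
function _verifyLoginRoleAllowed($role)
{
    if ((string) $role === '') {
        return true;
    }
    if (!isset($_SESSION['roles']) || !is_array($_SESSION['roles'])) {
        return false;
    }
    foreach ($_SESSION['roles'] as $granted) {
        if ((string) $granted === (string) $role) {
            return true;
        }
    }
    return false;
}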