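/**
 * Check a username/password pair against the USER table and, on a match,
 * start the login via startLogin().
 *
 * Terminates the script with die() when a database call fails or when the
 * credentials match an account that isAct() reports as not activated.
 *
 * SECURITY(review): the submitted value is compared directly with the stored
 * `password` column, so the column presumably holds the password as-is (or the
 * caller pre-hashes it) - confirm, and migrate to password_hash() /
 * password_verify() on a supported database API. ext/mysql itself was removed
 * in PHP 7.0.
 *
 * @param string $user Username supplied by the client.
 * @param string $pass Password supplied by the client.
 * @return bool True when the credentials matched and the login was started.
 */
function logonCheck($user, $pass)
{
    // Shown to the client on database failure. Driver error text is logged
    // server-side instead of being echoed, since it can expose schema details.
    $dbFailure = "An error has occurred, please report it to the administrator.";

    // Request parameters can arrive as arrays; only strings can be valid credentials.
    if (!is_string($user) || !is_string($pass)) {
        return false;
    }

    // ext/mysql has no prepared statements, so the username is escaped before
    // it is placed in the query text. The lookup must be keyed on $user.
    $result = mysql_query(
        "SELECT password FROM USER WHERE username='" . mysql_real_escape_string($user) . "'"
    );
    if ($result === false) {
        error_log("logonCheck: query failed: " . mysql_error());
        die($dbFailure);
    }

    // mysql_fetch_row() returns false when no row matched; without this guard a
    // loose comparison would treat "no such user" as equal to an empty password.
    $row = mysql_fetch_row($result);
    $stored = is_array($row) ? $row[0] : null;

    $exists = false;
    if (is_string($stored)) {
        // Strict, constant-time comparison where available; never `==`, which
        // applies numeric type juggling to string operands.
        $matches = function_exists('hash_equals')
            ? hash_equals($stored, $pass)
            : $stored === $pass;

        if ($matches) {
            if (!isAct($user)) {
                die("The username you are trying to log into, is not currently activated, please access your email and click the activation link");
            }
            $exists = true;
            startLogin($user);
        }
    }

    if (!mysql_free_result($result)) {
        error_log("logonCheck: mysql_free_result failed: " . mysql_error());
        die($dbFailure);
    }

    return $exists;
}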
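/**
 * Verify a username/password pair against the `users` table and, on a match,
 * start the login via startLogin().
 *
 * Returns nothing. On failure a JSON error array is echoed to the client:
 * the same message for an unknown user and a wrong password, and a separate
 * generic message when the database is unavailable.
 *
 * @param string|null $username Username supplied by the client.
 * @param string|null $password Password supplied by the client.
 * @return void
 */
function userLogin($username = null, $password = null)
{
    $badCredentials = "[{\"type\":\"error\",\"msg\":\"Incorrect username or password.\"}]";

    // Missing or non-string credentials can never match a row; reject them
    // before hashing or opening a database connection.
    if (!is_string($username) || $username === '' || !is_string($password)) {
        echo $badCredentials;
        return;
    }

    try {
        // SECURITY(review): one application-wide salt embedded in source plus a
        // single SHA-256 round is not a password hashing scheme: identical
        // passwords produce identical hashes and the digest is cheap to compute.
        // The value is kept so existing stored hashes still verify; migrate to
        // password_hash() / password_verify() with per-user salts and rehash on
        // the next successful login.
        $salt = "Zo4rU5Z1YyKJAASY0PT6EUg7BBYdlEhPaNLuxAwU8lqu1ElzHv0Ri7EM6irpx5w";
        $pw = hash("sha256", $password . $salt);

        $con = new PDO(DB_DSN, DB_USERNAME, DB_PASSWORD);
        $con->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);

        // Only row existence matters, so select a constant instead of every
        // column (which would also pull the stored hash back into PHP).
        $sql = "SELECT 1 FROM users WHERE username = :username AND password = :password LIMIT 1";
        $stmt = $con->prepare($sql);
        $stmt->bindValue("username", $username, PDO::PARAM_STR);
        $stmt->bindValue("password", $pw, PDO::PARAM_STR);
        $stmt->execute();

        // fetchColumn() returns false only when no row matched; testing the
        // value for truthiness would reject a row whose first column is 0 or ''.
        if ($stmt->fetchColumn() !== false) {
            startLogin($username);
        } else {
            echo $badCredentials;
        }
    } catch (PDOException $e) {
        // Keep driver details in the server log; the client gets a generic
        // message in the same JSON shape as the credential error.
        error_log("userLogin: database error: " . $e->getMessage());
        echo "[{\"type\":\"error\",\"msg\":\"Login is temporarily unavailable. Please try again later.\"}]";
    }
}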