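// Excerpt of a login handler; it starts inside a conditional opened before this point.
// Reject an empty password before touching the database.
if (!$password) {
    error("You need to fill in a password.");
    die;
}

// Fetch the id and stored password hash for the submitted username.
// NOTE(review): the username literal is redacted ('******') on this page. If the real
// query interpolates request input, bind it with a prepared statement instead.
$getPass = $mysqli->query("SELECT users.id,users.password FROM users WHERE users.username = '******' LIMIT 1");
$pass = $getPass->fetch_assoc();

/**
 * Check an entered password against a stored hash via Bcrypt::check().
 *
 * Bcrypt is a project class that is not visible here. The original wrapper relied
 * only on an exception to signal a mismatch and ignored the return value; an
 * explicit false is now treated as a failed check too, so the wrapper fails closed
 * whichever way Bcrypt::check() reports a mismatch.
 *
 * @param mixed $entered   Password as submitted by the client.
 * @param mixed $savedHash Hash read from the users table.
 * @return bool True only if the check neither threw nor returned false.
 */
function tryLogin($entered, $savedHash)
{
    try {
        if (Bcrypt::check($entered, $savedHash) === false) {
            return false;
        }
    } catch (Exception $e) {
        return false;
    }

    return true;
}

// fetch_assoc() returns no array when the username has no row; handle that as a failed
// login instead of indexing into a non-array and passing a missing hash to the check.
if (is_array($pass) && tryLogin($_POST['password'], $pass['password'])) {
    // Draw the per-login secret from the CSPRNG where available (random_int(), PHP 7+);
    // rand() is predictable and is kept only as a fallback for older runtimes.
    // NOTE(review): six decimal digits is a small space if this value guards the session.
    $random = function_exists('random_int') ? random_int(100000, 999999) : rand(100000, 999999);
    $_SESSION['id'] = $pass['id'];
    $_SESSION['secret'] = $random;
    $secret = Bcrypt::hash($_SESSION['secret']);
    $mysqli->query("UPDATE users SET users.secret = '{$secret}' WHERE users.id = {$pass['id']}");
    // NOTE(review): the redirect target comes from the Referer request header, which the
    // client controls and may omit; a fixed or allow-listed path is safer. There is also
    // no exit after header(), so the script keeps running, and the session id is not
    // regenerated on login in the visible code.
    header("Location: {$_SERVER['HTTP_REFERER']}");
} else {
    error("Incorrect login.");
    die;
}
// Closes the conditional opened before this excerpt; its else branch renders the login form.
} else { ?> <div id="login-form"> <h2 class="align-center" style="margin-top:0">Login</h2>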
/**
 * Run every page action in order and settle on the page to display.
 *
 * Calls tryLogin() and then tryPages(). If $status is still "unknown"
 * afterwards, it is set to "default".
 *
 * @throws UIError in case of failed logins and such.
 */
function performActions()
{
    global $session, $status;

    tryLogin();
    tryPages();

    // An action already settled the page, so leave it alone.
    if ("unknown" !== $status) {
        return;
    }

    // Nothing matched: fall back to the default page.
    $status = "default";
}
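<?php
/*
 * Class autoloader: underscores in the class name become directory separators and
 * "<path>.class.php" is loaded.
 *
 * Registered through spl_autoload_register() because a function named __autoload()
 * is deprecated since PHP 7.2 and is a fatal error on PHP 8.
 *
 * NOTE(review): the class name goes into the include path unchecked. If a class name
 * can ever be derived from request data, restrict it to an allow-list first.
 */
spl_autoload_register(function ($class_name) {
    $path = str_replace('_', '/', $class_name);
    require_once $path . '.class.php';
});

session_start();

// NOTE(review): any request that carries a "cmd" parameter, whatever its value and
// including a plain GET, ends the session. Consider requiring POST and a CSRF token.
if (isset($_REQUEST['cmd'])) {
    $cmd = $_REQUEST['cmd'];
    logOut();
}

// NOTE(review): $_REQUEST also accepts credentials from the query string, where they end
// up in URLs and access logs. Prefer $_POST if the login form submits by POST.
if (isset($_REQUEST['userName'])) {
    $userName = $_REQUEST['userName'];
    // A request with userName but no userPass must fail the login without a notice.
    $userPass = isset($_REQUEST['userPass']) ? $_REQUEST['userPass'] : '';

    if (tryLogin($userName, $userPass)) {
        // Issue a fresh session id at the privilege change so an id fixed before login
        // cannot be reused. Skipped if logOut() already destroyed the session above.
        if (session_status() === PHP_SESSION_ACTIVE) {
            session_regenerate_id(true);
        }
        $_SESSION['LoginName'] = $userName;
        // header() must run before any body output unless output buffering is enabled.
        header("refresh:2; url=index.php");
        echo 'login successful, redirecting..';
    } else {
        header("refresh:2; url=index.php");
        echo '<h1> wrong PassWord or UserName, redirecting..</h1>';
    }
} else {
    header("refresh:2; url=index.php");
    // The closing tag was written as a second <h1>, leaving the heading unclosed.
    echo '<h1> You have no permission directly to this page. Forwarding </h1>';
}

// Clears the session data and destroys the session; the definition continues past the end of this excerpt.
function logOut() { $_SESSION = array(); session_destroy();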
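$this->pengar = 500;
    }

    // NOTE(review): the string form embeds the plaintext password, so a User object
    // must never be echoed, logged or included in error output.
    public function __toString()
    {
        return 'USER ' . $this->username . ' IDENTIFIED BY ' . $this->pwd;
    }
}

// Account table keyed by username.
// NOTE(review): the passwords are hard-coded in plaintext. Store password_hash() output
// and check it with password_verify() once the User class (not shown here) allows it.
$users = array();
$users['seppo'] = new User('seppo', 'seponsalasana');
$users['kalevi'] = new User('kalevi', 'kalevinsalasana');
// Was assigned to $user (singular), so this account never reached the lookup table.
$users['jorma'] = new User('jorma', 'jormansalasana');

if (!isset($_POST['username']) || !isset($_POST['pwd'])) {
    resErr('paramMissing');
} else {
    // Require a string key that exists: an array-valued or unknown username must end in
    // 'notfound' rather than an illegal-offset error or an undefined-index notice.
    // NOTE(review): if resErr() reports 'notfound' and 'mismatch' differently to the
    // client, the response reveals which usernames exist. Consider one generic message.
    if (is_string($_POST['username']) && isset($users[$_POST['username']])) {
        tryLogin($users[$_POST['username']], $_POST['pwd']);
    } else {
        resErr('notfound');
    }
}

/**
 * Compare the submitted password with the user's stored one and, on a match,
 * populate the session and end the request with a client-side redirect.
 *
 * @param User  $user Account looked up by the caller.
 * @param mixed $pwd  Password as submitted; anything but a string is a mismatch.
 */
function tryLogin($user, $pwd)
{
    // hash_equals() (PHP 5.6+) compares in constant time and, unlike ==, never applies
    // numeric type juggling (with ==, "1e3" equals "1000").
    if (is_string($pwd) && is_string($user->pwd) && hash_equals($user->pwd, $pwd)) {
        $_SESSION['username'] = $user->username;
        $_SESSION['pengar'] = $user->pengar;
        die("<script>location.href = 'indexp.php'</script>");
    } else {
        resErr('mismatch');
    }
}

// The definition continues past the end of this excerpt.
function resErr($type)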
// Refuse to run on a PHP version older than 5.3.7.
if (version_compare(PHP_VERSION, '5.3.7', '<')) {
    throw new Exception('This system needs PHP 5.3.7 or later');
}

session_start();

// A visitor who is already logged in goes straight to the home page.
if (isLoggedIn()) {
    redirectAndExit('index.php');
}

// Process a submitted login form, if there is one.
// NOTE(review): $username holds request input and stays in scope for the markup below;
// it has to be HTML-escaped wherever the template prints it.
$username = '';
if (!empty($_POST)) {
    // Open the database connection.
    $pdo = getPDO();

    // Check the credentials; on success mark the session as logged in and leave.
    // NOTE(review): whether login() rotates the session id is not visible here; confirm.
    $username = $_POST['username'];
    $ok = tryLogin($pdo, $username, $_POST['password']);
    if ($ok) {
        login($username);
        redirectAndExit('index.php');
    }
}
?> <!DOCTYPE html> <html> <head> <title> A blog application | Login </title> <?php require 'templates/head.php';