Example #1
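 /**
  * Authenticate a user by username and password and open an application session.
  *
  * On success a row is inserted into `sessions`, `last_login` is updated on the
  * account and a redirect header to the dashboard is sent. On failure the attempt
  * is recorded through User::bruteInsert() and a generic error is stored in the
  * session, so the response does not reveal whether the username exists.
  *
  * @param string $username           Username as submitted by the client.
  * @param string $submitted_password Plain-text password as submitted by the client.
  * @param bool   $allow_login        Falsy when the caller treats this IP as brute-banned.
  * @param mixed  $ip                 Client address, passed unchanged to User::bruteInsert().
  * @param PDO    $db                 Database handle used for all queries.
  *
  * @return void
  */
 public static function doLogin($username, $submitted_password, $allow_login, $ip, $db)
 {
     if (!$allow_login) {
         // The caller has flagged this IP as brute-banned; refuse before touching the database.
         setAlert('danger', 'IP Address Banned', 'The IP Address you are connecting from has been temporarily banned due to repeated failed login attempts. Please try again later.');
         return;
     }

     // Look the account up with a bound parameter; the username never reaches the SQL text.
     $stmt = $db->prepare("SELECT * FROM user_accounts WHERE username=? LIMIT 1");
     $stmt->execute(array($username));
     $loginInfo = $stmt->fetch(PDO::FETCH_ASSOC);

     // NOTE(review): an unknown username skips password_verify(), so the two failure
     // paths differ in response time; consider verifying against a fixed dummy hash
     // when no row is found.
     $credentialsValid = isset($loginInfo['uid'])
         && password_verify($submitted_password, $loginInfo['password']);

     if (!$credentialsValid) {
         // Unknown username and wrong password share one message and one brute-table entry.
         User::bruteInsert($ip, $username, $db);
         $_SESSION['alert-subtext'] = "The username or password that you have entered is invalid.";
         return;
     }

     // The lock status is checked only after the password has been verified, so an
     // unauthenticated client cannot use this message to confirm that an account
     // exists or that it is locked.
     if ($loginInfo['lockdown'] == 1) {
         setAlert('danger', 'Account Locked', 'This account has been locked by an Administrator, and cannot be used to log in.');
         return;
     }

     // Rotate the PHP session id at the privilege change so a session id planted
     // before login (session fixation) does not become an authenticated one.
     if (session_status() === PHP_SESSION_ACTIVE) {
         session_regenerate_id(true);
     }

     // NOTE(review): generateRandom() is defined elsewhere; the session token is only
     // as unpredictable as that helper - confirm it draws from random_bytes()/random_int().
     $random_string = generateRandom(32);
     $_SESSION['sid'] = $random_string;

     // NOTE(review): `expire` receives the current time, not a future timestamp -
     // confirm the session validator treats it as an issue time.
     $stmt = $db->prepare('INSERT INTO sessions (sid,uid,expire) VALUES (?,?,?)');
     $stmt->execute(array($random_string, $loginInfo['uid'], time()));

     // Record the most recent successful login on the account.
     $stmt = $db->prepare('UPDATE user_accounts SET last_login = ? WHERE uid = ?');
     $stmt->execute(array(time(), $loginInfo['uid']));

     // header() does not stop execution; the caller must not emit further output
     // after this method returns.
     header('Location: ' . SITE_ADDRESS . '/dashboard');
 }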