$username = $db->real_escape_string($username);
$password = $db->real_escape_string($password);
$query = "SELECT\n\t\t\t\t\t *\n\t\t\t\t\tFROM drivers\n\t\t\t\t\tWHERE dPassword='******' AND dUsername='******' AND dActive=1";
$sql = $db->query($query);
$row = $sql->fetch_array();
$row_cnt = $sql->num_rows;
$bruteCheck = bruteForceCheck($username, 1, $lockedAt);
if ($bruteCheck[0]) {
$error = $bruteCheck[1];
} else {
if ($row_cnt == 1) {
$_SESSION['loginUser'] = $username;
$_SESSION['driverID'] = $row['dID'];
$_SESSION['driverName'] = $row['dFirstName'] . " " . $row['dLastName'];
$_SESSION['userType'] = $_POST['userType'];
bruteForceClean($row['dID'], 1);
$error = 0;
} else {
// Trap will go here
bruteForceProtection($username, 1);
$error = "Username or Password is invalid";
}
}
echo $error;
} else {
if ($_POST['userType'] == "Admin") {
$username = $_POST['userName'];
$password = $_POST['password'];
$active = 1;
$username = stripslashes($username);
$password = stripslashes($password);
function checkUnlock($uID)
{
// Unlock admin only
include '../connection.php';
$lockTime = 10;
$unixTime = mktime(date("H"), date("i"), date("s"), date('n'), date('j'), date('Y'));
$query = "select * from trap where lockedID='{$uID}' AND lockType='0'";
$sql = $db->query($query);
$row = $sql->fetch_array();
$unixLock = $lockTime * 60;
$lockedTime = $row['tTimestamp'];
$unlockAt = $lockedTime + $unixLock;
if ($unixTime >= $unlockAt) {
bruteForceClean($uID, 0);
return "Your account has been unlocked please try loging in one more time";
}
$timeR = $unlockAt - $unixTime;
$timeR = $timeR / 60;
$timeR = round($timeR, 1, PHP_ROUND_HALF_UP);
return "You are locked out, your account will unlock in {$timeR} min";
}
