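function CheckLogin($connection, $level) {
    // Re-validate the logged-in user against the database. The session carries the
    // username plus "secondpw", a bcrypt hash derived from the stored password hash;
    // the row must also be Confirmed and hold at least $level. Returns true only when
    // every check passes, false otherwise (never throws on a missing row).
    sec_session_start();

    // specifically check our username and hashed password
    if (!isset($_SESSION['username'], $_SESSION['secondpw'])) {
        return false;
    }

    $username = $connection->escape_string($_SESSION['username']);
    $secondpw = $_SESSION['secondpw'];

    // $level is concatenated into SQL, so force it to an integer rather than
    // trusting whatever the caller passed; the quoted numeric form is kept.
    $level = (int) $level;

    // NOTE(review): the UserName literal appears redacted ('******') in this listing
    // and the escaped $username is otherwise unused — confirm which value belongs here.
    $sql = "SELECT HashPassword,Salt from Users WHERE UserName = '******' AND Confirmed = '1' AND Level >= '" . $level . "' AND idUsers > 0;";

    // DoQuery hands back the result set and a validity flag.
    list($result, $valid) = DoQuery($sql, $connection);
    if (!$result || !$valid) {
        return false;
    }

    $row = mysqli_fetch_array($result);
    if (!$row) {
        return false; // no confirmed user at this level
    }

    // secondpw was produced by password_hash($password, PASSWORD_BCRYPT, ['salt' => $salt]).
    // password_verify() checks exactly that relationship using the cost and salt embedded
    // in secondpw, with a constant-time compare. The original re-hashed with the 'salt'
    // option and compared with ==; PHP 8 ignores that option (random salt), which made
    // the comparison fail every time.
    $password = isset($row['HashPassword']) ? (string) $row['HashPassword'] : '';
    return password_verify($password, (string) $secondpw);
}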
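function login() {
    // Restore the session and open the database matching the user's type
    // (readers use 'marketplace', authors use 'workbench'), run the DB-backed
    // login check, and publish username / userType via $GLOBALS for the calling
    // page. Returns the loginCheck() result, or false when no database applies.
    require_once 'DBConnect.php';
    require_once 'DBCalls.php';
    require_once 'secSession.php';
    sec_session_start();

    // false (not null) when absent — callers may test these with == false
    $username = isset($_SESSION['username']) ? $_SESSION['username'] : false;
    $userType = isset($_SESSION['userType']) ? $_SESSION['userType'] : false;

    // Strict comparison: the loose == used originally let a non-string session
    // value such as true select the reader database.
    if ($userType === "reader") {
        $con = new DBConnect('marketplace');
    } elseif ($userType === "author") {
        $con = new DBConnect('workbench');
    } else {
        $con = false;
    }

    $loggedIn = false;
    if ($con !== false) {
        $calls = new DBCalls();
        $loggedIn = $calls->loginCheck($con);
    }

    // Legacy contract: the including page reads these globals.
    $GLOBALS['username'] = $username;
    $GLOBALS['userType'] = $userType;

    return $loggedIn;
}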
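function logout() {
    // Terminate the current session: clear its data, expire the session cookie in
    // the browser, destroy the server-side record, then redirect to the current
    // script. Does not exit — the caller must not emit output afterwards.
    sec_session_start();

    $_SESSION = array();

    // Expire the cookie with the same attributes it was created with, otherwise
    // the browser keeps the old one (path/domain must match to overwrite).
    $params = session_get_cookie_params();
    setcookie(session_name(), '', time() - 42000, $params['path'], $params['domain'], $params['secure'], $params['httponly']);

    session_destroy();

    // Dropped from the original: unset($_SESSION) disables the superglobal for the
    // rest of the request, and session_regenerate_id(true) after session_destroy()
    // only emits a warning because no session is active at that point.

    // NOTE(review): htmlspecialchars() is HTML-context escaping; a Location header
    // is not HTML, so entities would end up in the URL. Kept as-is — a fixed
    // redirect path would be the cleaner choice.
    header('Location: ' . htmlspecialchars($_SERVER['PHP_SELF']));
}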
function logout() {
    // Soft logout: keeps the session itself but drops the 'user' and 'timeout'
    // entries. Starts the session first if none is active yet.
    if (PHP_SESSION_NONE === session_status()) {
        sec_session_start();
    }

    // Only entries that are set (isset is false for null values, as before).
    foreach (array('user', 'timeout') as $key) {
        if (isset($_SESSION[$key])) {
            unset($_SESSION[$key]);
        }
    }
}
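function load($page = 'admins.php', $pid = -1) {
    # Redirect to $page inside the current script's directory after storing $pid
    # (a president id; -1 means none) in the session. Never returns.

    # Follow the scheme of the current request: hard-coding http:// (as the original
    # did) sends HTTPS visitors back onto cleartext.
    $scheme = (!empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] !== 'off') ? 'https' : 'http';

    # NOTE(review): HTTP_HOST is taken from the client's Host header. The web server
    # should reject unknown hosts; a relative Location (path only) would avoid relying
    # on it at all.
    $url = $scheme . '://' . $_SERVER['HTTP_HOST'] . dirname($_SERVER['PHP_SELF']);

    # Remove trailing slashes then append the page name.
    $url = rtrim($url, '/\\') . '/' . $page;

    # NOTE(review): $page is not validated here; presumably callers pass fixed file
    # names only — confirm no request input reaches this parameter.

    # Stash the id, redirect, quit.
    sec_session_start();
    $_SESSION['pid'] = $pid;
    header("Location: {$url}");
    exit;
}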
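<!-- Copyright (c) 2015 Blink All Rights Reserved This product is protected by copyright and distributed under licenses restricting copying, distribution, and decompilation. Gerardo López | Iván Nolasco | Renato Andres -->
<?php
// Profile page bootstrap: loads the logged-in user's row (joined with user_config)
// into page variables, then pulls in the shared auto/lang includes.
include_once '../assets/includes/db_conexion.php';
include_once '../assets/includes/funciones.php';
sec_session_start();

// Guard the session reads: an anonymous visitor would otherwise raise
// undefined-index notices here; a null id simply matches no row below.
$user = isset($_SESSION['username']) ? $_SESSION['username'] : null;
$elidespecial = isset($_SESSION['user_id']) ? $_SESSION['user_id'] : null;
$idusr = $elidespecial;

// Pre-declare every bound column so the markup can rely on the variables
// existing even when no row is found (the original only initialised $avatar).
$avatar = '';
$nombres = $apellidos = $nacimiento = $descripcion = $correo = $tipo = $lang = $idusuario = $bannero = $iduserconf = null;

if ($stmt = $mysqli->prepare("SELECT usuarios_tb.avatar, usuarios_tb.nombres, usuarios_tb.apellidos, usuarios_tb.nacimiento, usuarios_tb.descripcion, usuarios_tb.correo, usuarios_tb.tipo, usuarios_tb.lang, usuarios_tb.idusuario, user_config.banner, user_config.iduser FROM usuarios_tb INNER JOIN user_config ON usuarios_tb.idusuario = user_config.iduser WHERE usuarios_tb.idusuario = ?")) {
    // NOTE(review): the id is bound as a string ('s'); if idusuario is an integer
    // column, 'i' is the precise type — confirm against the schema.
    $stmt->bind_param('s', $elidespecial);
    if ($stmt->execute()) {
        $stmt->store_result();
        $stmt->bind_result($avatar, $nombres, $apellidos, $nacimiento, $descripcion, $correo, $tipo, $lang, $idusuario, $bannero, $iduserconf);
        $stmt->fetch();
    }
    // Release the statement; the original left it open for the rest of the page.
    $stmt->close();
}

include "auto.php";
include "../assets/includes/lang.php";

// PROFILE LAYOUT
$super = "";
$cambe = "";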
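private function getMemberFromCookie() {
    // Resolve the Member for the current request: when the session passes
    // login_check() and carries a memberID, that member; when it passes but the
    // session cookie is missing, false; otherwise Member(1) (presumably the
    // guest/default account — confirm).
    global $db;

    if (!isset($_SESSION)) {
        sec_session_start();
    }

    if (login_check($db) !== true) {
        return new Member(1);
    }

    // The original read the cookie unguarded (notice when absent) and then called
    // session_id()/session_name() on an already-active session, which has no effect
    // and warns on PHP >= 7.2, so those calls are gone. NOTE(review): this assumes
    // sec_session_start() leaves a session active — confirm.
    $sessionCookie = isset($_COOKIE["sec_session_id_weedo"]) ? $_COOKIE["sec_session_id_weedo"] : "";
    if ($sessionCookie === "") {
        return false;
    }

    $memberId = isset($_SESSION["memberID"]) ? $_SESSION["memberID"] : 1;
    return new Member($memberId);
}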
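function check_login() {
    // Handle the login form POST: validates InputEmail / InputPW1, looks the account
    // up by e-mail, verifies the password hash and, on success, starts the session
    // and redirects to temp.php. Failures are reported through the $GLOBALS flags
    // emptyFields / emailNotValid / wrongCredentials, which the calling page renders.
    $rawEmail = isset($_POST["InputEmail"]) ? $_POST["InputEmail"] : "";
    $rawPw = isset($_POST["InputPW1"]) ? $_POST["InputPW1"] : "";

    if ($rawEmail == "" || $rawPw == "") {
        $GLOBALS['emptyFields'] = true;
        return;
    }

    // FILTER_SANITIZE_EMAIL only strips characters; it serves here as a validity
    // check (input unchanged == well-formed), not as SQL escaping.
    $email = filter_var($rawEmail, FILTER_SANITIZE_EMAIL);
    if ($rawEmail !== $email) {
        $GLOBALS['emailNotValid'] = true;
        return;
    }

    // Prepared statement instead of string concatenation: the sanitize filter
    // leaves characters such as the single quote in place, so the original
    // query was still injectable. Only the hash column is needed.
    $connection = connect_to_mysql();
    $storedHash = '';
    $stmt = mysqli_prepare($connection, "SELECT password FROM users WHERE email = ?");
    if ($stmt) {
        mysqli_stmt_bind_param($stmt, 's', $email);
        mysqli_stmt_execute($stmt);
        mysqli_stmt_bind_result($stmt, $storedHash);
        mysqli_stmt_fetch($stmt);
        mysqli_stmt_close($stmt);
    }

    // An unknown e-mail leaves $storedHash empty; password_verify() then fails,
    // so it takes the same code path as a wrong password (the original indexed
    // a false $row here and warned).
    if (!password_verify($rawPw, (string) $storedHash)) {
        $GLOBALS['wrongCredentials'] = true;
        return;
    }

    sec_session_start($email);
    header("Location: temp.php");
    exit;
}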
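<?php
// Login form handler: expects POST email + p, delegates to login() and redirects
// according to the outcome.
include_once 'db_connect.php';
include_once 'functions.php';
sec_session_start(); // Our custom secure way of starting a PHP session.

if (isset($_POST['email'], $_POST['p'])) {
    $email = $_POST['email'];
    $password = $_POST['p']; // The hashed password.

    if (login($email, $password, $mysqli)) {
        // Login success
        header('Location: ../protected_page.php');
    } else {
        // Login failed
        header('Location: ../index.php?error=1');
    }
    // A Location header does not end the request by itself; stop here so nothing
    // appended after this script runs or is sent to the client.
    exit;
} else {
    // The correct POST variables were not sent to this page.
    echo 'Invalid Request';
}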