Exemple #1
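/**
 * Check a username/password pair and start the login on a match.
 *
 * Ends the request with die() when the database call fails or when isAct()
 * reports that the account has not been activated.
 *
 * NOTE(review): the stored column value is compared with $pass directly, so
 * the USER.password column appears to hold plaintext passwords. Migrate to
 * password_hash() / password_verify(); that needs a schema and data change
 * that cannot be made from inside this function.
 * NOTE(review): the mysql_* extension was removed in PHP 7.0. Port this lookup
 * to PDO or mysqli prepared statements so the username is bound, not escaped.
 *
 * @param string $user Username submitted by the client.
 * @param string $pass Password submitted by the client.
 * @return bool True when the credentials matched and startLogin() was called.
 */
function logonCheck($user, $pass)
{
    // Request parameters can arrive as arrays or null; only strings can match.
    if (!is_string($user) || !is_string($pass)) {
        return false;
    }

    // The listing shows the username literal masked ('******'). The lookup has
    // to be keyed on $user, and the value must never reach the SQL text raw.
    $query = "SELECT password FROM USER WHERE username='" . mysql_real_escape_string($user) . "'";
    $result = mysql_query($query);
    if ($result === false) {
        // Driver errors expose schema details: log them, do not print them.
        error_log('logonCheck: query failed: ' . mysql_error());
        die("An error has occurred, please report it to the administrator.");
    }

    $row = mysql_fetch_row($result);
    if (!mysql_free_result($result)) {
        error_log('logonCheck: mysql_free_result failed: ' . mysql_error());
        die("An error has occurred, please report it to the administrator.");
    }

    // No row means no such user. Without this guard $row[0] is null and the
    // loose comparison null == "" would accept an empty password for any
    // unknown username.
    if (!is_array($row) || !isset($row[0])) {
        return false;
    }

    // Strict comparison avoids PHP type juggling between numeric-looking
    // strings. Where PHP >= 5.6 is available, hash_equals() also removes the
    // timing difference.
    if ((string) $row[0] !== $pass) {
        return false;
    }

    if (!isAct($user)) {
        die("The username you are trying to log into, is not currently activated, please access your email and click the activation link");
    }

    startLogin($user);
    return true;
}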
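/**
 * Verify a username/password pair against the users table and start the login.
 *
 * On success startLogin() is called; on failure a JSON error array is echoed.
 * Nothing is returned in either case.
 *
 * NOTE(review): passwords are hashed with one SHA-256 pass and a single salt
 * hard-coded for every account. That is a fast hash with no per-user salt, so
 * a leaked table can be attacked offline at high speed and equal passwords
 * share a hash. Migrate to password_hash() / password_verify() and rehash on
 * the next successful login. The salt value is left unchanged here because
 * altering it would invalidate every stored hash.
 *
 * @param string|null $username Username submitted by the client.
 * @param string|null $password Password submitted by the client.
 * @return void
 */
function userLogin($username = null, $password = null)
{
    $rejected = "[{\"type\":\"error\",\"msg\":\"Incorrect username or password.\"}]";

    // Missing or non-string credentials can never match; answer without
    // opening a database connection.
    if (!is_string($username) || !is_string($password)) {
        echo $rejected;
        return;
    }

    try {
        $salt = "Zo4rU5Z1YyKJAASY0PT6EUg7BBYdlEhPaNLuxAwU8lqu1ElzHv0Ri7EM6irpx5w";
        $pw = hash("sha256", $password . $salt);

        $con = new PDO(DB_DSN, DB_USERNAME, DB_PASSWORD);
        $con->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);

        $sql = "SELECT * FROM users WHERE username = :username AND password = :password LIMIT 1";
        $stmt = $con->prepare($sql);
        $stmt->bindValue("username", $username, PDO::PARAM_STR);
        $stmt->bindValue("password", $pw, PDO::PARAM_STR);
        $stmt->execute();

        // Test for the presence of a row. fetchColumn() returned the first
        // column's value, so a matching row whose first column is 0 or ''
        // was treated as a failed login.
        $matched = $stmt->fetch(PDO::FETCH_NUM) !== false;

        if ($matched) {
            startLogin($username);
        } else {
            echo $rejected;
        }
    } catch (PDOException $e) {
        // Keep driver details in the server log. The previous message claimed
        // the user name was already in use and was not valid JSON.
        error_log('userLogin: database error: ' . $e->getMessage());
        echo "[{\"type\":\"error\",\"msg\":\"Login is temporarily unavailable.\"}]";
    }
}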