if (!$password) {
error("You need to fill in a password.");
die;
}
$getPass = $mysqli->query("SELECT users.id,users.password FROM users WHERE users.username = '******' LIMIT 1");
$pass = $getPass->fetch_assoc();
function tryLogin($entered, $savedHash)
{
try {
Bcrypt::check($entered, $savedHash);
} catch (Exception $e) {
return false;
}
return true;
}
if (tryLogin($_POST['password'], $pass['password'])) {
$random = rand(100000, 999999);
$_SESSION['id'] = $pass['id'];
$_SESSION['secret'] = $random;
$secret = Bcrypt::hash($_SESSION['secret']);
$mysqli->query("UPDATE users SET users.secret = '{$secret}' WHERE users.id = {$pass['id']}");
header("Location: {$_SERVER['HTTP_REFERER']}");
} else {
error("Incorrect login.");
die;
}
} else {
?>
<div id="login-form">
<h2 class="align-center" style="margin-top:0">Login</h2>
/**
* Perform all page actions and choose a page to display.
* @throws UIError in case of failed logins and such.
*/
function performActions()
{
global $session, $status;
tryLogin();
tryPages();
/* If nothing matched, show default page. */
if ($status === "unknown") {
$status = "default";
}
}
<?php
function __autoload($class_name)
{
$path = str_replace('_', '/', $class_name);
require_once $path . '.class.php';
}
session_start();
if (isset($_REQUEST['cmd'])) {
$cmd = $_REQUEST['cmd'];
logOut();
}
if (isset($_REQUEST['userName'])) {
$userName = $_REQUEST['userName'];
$userPass = $_REQUEST['userPass'];
if (tryLogin($userName, $userPass)) {
$_SESSION['LoginName'] = $userName;
echo 'login successful, redirecting..';
header("refresh:2; url=index.php");
} else {
echo '<h1> wrong PassWord or UserName, redirecting..</h1>';
header("refresh:2; url=index.php");
}
} else {
echo '<h1> You have no permission directly to this page. Forwarding <h1>';
header("refresh:2; url=index.php");
}
function logOut()
{
$_SESSION = array();
session_destroy();
$this->pengar = 500;
}
public function __toString()
{
return 'USER ' . $this->username . ' IDENTIFIED BY ' . $this->pwd;
}
}
$users = array();
$users['seppo'] = new User('seppo', 'seponsalasana');
$users['kalevi'] = new User('kalevi', 'kalevinsalasana');
$user['jorma'] = new User('jorma', 'jormansalasana');
if (!isset($_POST['username']) || !isset($_POST['pwd'])) {
resErr('paramMissing');
} else {
if ($users[$_POST['username']]) {
tryLogin($users[$_POST['username']], $_POST['pwd']);
} else {
resErr('notfound');
}
}
function tryLogin($user, $pwd)
{
if ($user->pwd == $pwd) {
$_SESSION['username'] = $user->username;
$_SESSION['pengar'] = $user->pengar;
die("<script>location.href = 'indexp.php'</script>");
} else {
resErr('mismatch');
}
}
function resErr($type)
if (version_compare(PHP_VERSION, '5.3.7') < 0) {
throw new Exception('This system needs PHP 5.3.7 or later');
}
session_start();
// if we're already logged in, go to home
if (isLoggedIn()) {
redirectAndExit('index.php');
}
//handle the form posting
$username = '';
if ($_POST) {
// Init the database
$pdo = getPDO();
// redirect if password is correct
$username = $_POST['username'];
$ok = tryLogin($pdo, $username, $_POST['password']);
if ($ok) {
login($username);
redirectAndExit('index.php');
}
}
?>
<!DOCTYPE html>
<html>
<head>
<title>
A blog application | Login
</title>
<?php
require 'templates/head.php';
