$results = get_user_data($uuid); if (is_array($results)) { $uuid = $results[1]; $database_password = $results[2]; $salt = $results[3]; // Validate that the supplied password is correct $hashed_password = hash("sha512", $password . $salt); if ($database_password == $hashed_password) { // Store cookie on client's computer $cookie = Cookie::create($uuid, $hashed_password); $result = $cookie_handler->set_cookie("compsec", $cookie); if ($result == false) { print "An unexpected error has prevented you from logging in. Reason: Unable to create a login cookie."; } // Login successful update_last_login($uuid); header("location:index.php"); } else { print "Error: Invalid password. Press the back button to try again."; } } else { print "Error: User does not exist! Press the back button to try again."; } } ?> </p> </div> </p> </p>
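// Login handler: authenticates the posted credentials, marks the session as
// granted or denied, records a successful login in the audit log and
// redirects to the reports index.

// Include required functions file
require_once 'includes/functions.php';
require_once 'includes/authenticate.php';

// Session handler is database
session_set_save_handler('db_open', 'db_close', '_read', '_write', '_destroy', '_clean');

// Start session
// NOTE(review): session_start() does not take a session name; if a custom
// cookie name was intended, session_name() has to be called before this line.
// The call is left unchanged so the cookie name existing clients hold stays valid.
session_start('SimpleRisk');

// If the login form was posted
if (isset($_POST['submit'])) {
    // A request can carry 'submit' without the credential fields; fall back to
    // empty strings instead of reading undefined indexes.
    $user = isset($_POST['user']) ? $_POST['user'] : '';
    $pass = isset($_POST['pass']) ? $_POST['pass'] : '';

    // If the user is valid
    if (is_valid_user($user, $pass)) {
        // Issue a fresh session id at the privilege change so that an id the
        // client held before authenticating (session fixation) does not become
        // an authenticated session. The old session record is deleted.
        session_regenerate_id(true);

        $_SESSION["access"] = "granted";

        // Update the last login
        // presumably is_valid_user() populated $_SESSION['uid'] and
        // $_SESSION['user']; confirm in includes/authenticate.php
        update_last_login($_SESSION['uid']);

        // Audit log
        $risk_id = 1000; // NOTE(review): meaning of 1000 is not visible here; confirm against write_log()
        $message = "Username \"" . $_SESSION['user'] . "\" logged in successfully.";
        write_log($risk_id, $_SESSION['uid'], $message);

        // Redirect to the reports index and stop, so the rest of this page is
        // neither executed nor sent along with the redirect.
        header("Location: /reports");
        exit;
    } else {
        // NOTE(review): failed attempts are not written to the audit log and
        // nothing here limits repeated attempts; check whether is_valid_user()
        // covers either.
        $_SESSION["access"] = "denied";
    }
}
?>
<!doctype html>
<html>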