$logged_in = evalLoggedUser($log_id, $log_username, $log_password);
} else {
if (isset($_COOKIE["user_email"]) && isset($_COOKIE["user_name"]) && isset($_COOKIE["user_password"]) && isset($_COOKIE["user_id"]) && isset($_COOKIE["user_account_type"])) {
error_log("Session expired.");
error_log("cookie user id: " . $_COOKIE["user_id"]);
error_log("cookie user name: " . $_COOKIE["user_name"]);
error_log("cookie user pass: "******"user_password"]);
error_log("cookie user email: " . $_COOKIE["user_email"]);
error_log("cookie user account_type: " . $_COOKIE["user_account_type"]);
//If session expired, but session isn't reset session
$_SESSION['user'] = array('id' => preg_replace('#[^0-9]#', '', $_COOKIE['user_id']), 'name' => preg_replace('#[^a-z0-9]#i', '', $_COOKIE['user_name']), 'password' => $_COOKIE['user_password'], 'email' => $_COOKIE['user_email'], 'account_type' => preg_replace('#[^0-9]#', '', $_COOKIE['user_account_type']));
$log_id = $_SESSION['user']['id'];
$log_username = $_SESSION['user']['name'];
$log_password = $_SESSION['user']['password'];
// Verify the user
$logged_in = evalLoggedUser($log_id, $log_username, $log_password);
/*if($logged_in == true){
//Update last act
try{
$stmt = $db->prepare('UPDATE jpdrills_users
SET last_login=now()
WHERE id=:id LIMIT 1
');
$stmt->bindParam(':id',$log_id,PDO::PARAM_STR);
$stmt->execute();
}catch(PDOException $ex){
error_log("Couldn't update last_login $ex");
}
}*/
}
}
$sql = "SELECT ip FROM users WHERE id='{$id}' AND email='{$e}' AND password='******' AND activated='1' LIMIT 1";
//AND activated='1'
$query = mysqli_query($conn, $sql);
$numrows = mysqli_num_rows($query);
if ($numrows > 0) {
return true;
}
}
if (isset($_SESSION["userid"]) && isset($_SESSION["email"]) && isset($_SESSION["password"])) {
$log_id = preg_replace('#[^0-9]#', '', $_SESSION['userid']);
$log_email = preg_replace('#[^a-z0-9]#i', '', $_SESSION['email']);
$log_password = preg_replace('#[^a-z0-9]#i', '', $_SESSION['password']);
// Verify the user
$user_ok = evalLoggedUser($conn, $log_id, $log_email, $log_password);
} else {
if (isset($_COOKIE["id"]) && isset($_COOKIE["email"]) && isset($_COOKIE["pass"])) {
$_SESSION['userid'] = preg_replace('#[^0-9]#', '', $_COOKIE['id']);
$_SESSION['email'] = preg_replace('#[^a-z0-9]#i', '', $_COOKIE['email']);
$_SESSION['password'] = preg_replace('#[^a-z0-9]#i', '', $_COOKIE['pass']);
$log_id = $_SESSION['userid'];
$log_email = $_SESSION['email'];
$log_password = $_SESSION['password'];
// Verify the user
$user_ok = evalLoggedUser($conn, $log_id, $log_email, $log_password);
if ($user_ok == true) {
// Update their lastlogin datetime field
$sql = "UPDATE users SET lastlogin=now() WHERE id='{$log_id}' LIMIT 1";
$query = mysqli_query($conn, $sql);
}
}
}
}
//** Don't need to update last_act here anymore. See js/update-status.js **/
//$sql = "UPDATE users SET last_act=now() WHERE id='$id' LIMIT 1";
//$query = mysql_query($sql);
return true;
}
}
if (isset($_SESSION["userid"]) && isset($_SESSION["username"]) && isset($_SESSION["password"])) {
$log_id = preg_replace('#[^0-9]#', '', $_SESSION['userid']);
$log_username = preg_replace('#[^a-z0-9]#i', '', $_SESSION['username']);
$log_password = preg_replace('#[^a-z0-9]#i', '', $_SESSION['password']);
// Verify the user
$user_ok = evalLoggedUser($log_id, $log_username, $log_password);
} else {
if (isset($_COOKIE["id"]) && isset($_COOKIE["user"]) && isset($_COOKIE["pass"])) {
//If session expired, but session isn't reset session
$_SESSION['userid'] = preg_replace('#[^0-9]#', '', $_COOKIE['id']);
$_SESSION['username'] = preg_replace('#[^a-z0-9]#i', '', $_COOKIE['user']);
$_SESSION['password'] = preg_replace('#[^a-z0-9]#i', '', $_COOKIE['pass']);
$log_id = $_SESSION['userid'];
$log_username = $_SESSION['username'];
$log_password = $_SESSION['password'];
// Verify the user
$user_ok = evalLoggedUser($log_id, $log_username, $log_password);
if ($user_ok == true) {
// Update their lastlogin datetime field
$sql = "UPDATE users SET last_login=now() WHERE id='{$log_id}' LIMIT 1";
$query = mysql_query($sql);
}
}
}
$sql = "SELECT * FROM users WHERE id='{$id}' AND email='{$e}' AND password='******'";
// AND activated='1'
$result = mysqli_query($conx, $sql);
$numrows = $result->num_rows;
if ($numrows > 0) {
return true;
}
}
if (isset($_SESSION["userid"]) && isset($_SESSION["email"]) && isset($_SESSION["password"])) {
$log_id = preg_replace('#[^0-9]#', '', $_SESSION['userid']);
$log_email = mysqli_real_escape_string($db_conx, $_SESSION['email']);
$log_password = preg_replace('#[^a-z0-9]#i', '', $_SESSION['password']);
// Verify the user
$user_ok = evalLoggedUser($db_conx, $log_id, $log_email, $log_password);
} else {
if (isset($_COOKIE["id"]) && isset($_COOKIE["email"]) && isset($_COOKIE["pass"])) {
$_SESSION['userid'] = preg_replace('#[^0-9]#', '', $_COOKIE['id']);
$_SESSION['email'] = mysqli_real_escape_string($db_conx, $_COOKIE['email']);
$_SESSION['password'] = preg_replace('#[^a-z0-9]#i', '', $_COOKIE['pass']);
$log_id = $_SESSION['userid'];
$log_email = $_SESSION['email'];
$log_password = $_SESSION['password'];
// Verify the user
$user_ok = evalLoggedUser($db_conx, $log_id, $log_email, $log_password);
if ($user_ok == true) {
// Update their lastlogin datetime field
$sql = "UPDATE users SET lastlogin=now() WHERE id='{$log_id}' LIMIT 1";
$query = mysqli_query($db_conx, $sql);
}
}
}
<?php
session_start();
include_once 'php_inc/connect.php';
$log_login_status = false;
$log_logid = "";
$log_uname = "";
$log_password = "";
$log_utype = "";
function evalLoggedUser($con, $logid, $uname, $pass, $ut)
{
$sql = "SELECT * FROM users WHERE logid='{$logid}' AND password='******' AND utype='{$ut}'";
$query = mysqli_query($con, $sql);
$numrows = mysqli_num_rows($query);
//~ mysqli_close($con);
if ($numrows > 0) {
return true;
}
}
if (isset($_SESSION['logid']) && isset($_SESSION['uname']) && isset($_SESSION['password']) && isset($_SESSION['utype'])) {
$log_logid = preg_replace('#[^a-z0-9]#', '', $_SESSION['logid']);
//~ $log_uname = preg_replace('#[^a-z0-9]#', '', $_SESSION['uname']);
$log_password = preg_replace('#[^a-z0-9]#', '', $_SESSION['password']);
$log_utype = preg_replace('#[^a-z0-9]#', '', $_SESSION['utype']);
$log_login_status = evalLoggedUser($con, $log_logid, $log_uname, $log_password, $log_utype);
} else {
//~ echo "Login status incorrect";
//~ mysqli_close($con);
//~ exit();
}
//echo $errr . " ";
if (isset($_SESSION["userid"]) && isset($_SESSION["password"]) && isset($_SESSION["userType"])) {
// $errr = $errr . "5555";
//echo $errr . " ";
$log_id = preg_replace('#[^a-z0-9]#i', '', $_SESSION['userid']);
$log_password = preg_replace('#[^a-z0-9]#i', '', $_SESSION['password']);
$log_userType = preg_replace('#[^a-z0-9]#i', '', $_SESSION['userType']);
// Verify the user
$user_ok = evalLoggedUser($db_conx, $log_id, $log_password, $log_userType);
// $errr = $errr . "8888888";
//echo $errr . " ";
} else {
if (isset($_COOKIE["id"]) && isset($_COOKIE["password"]) && isset($_COOKIE["userType"])) {
//$errr = $errr . "66666";
//echo $errr . " ";
$_SESSION['userid'] = preg_replace('#[^a-z0-9]#i', '', $_COOKIE['id']);
$_SESSION['password'] = preg_replace('#[^a-z0-9]#i', '', $_COOKIE['password']);
$_SESSION['userType'] = preg_replace('#[^a-z0-9]#i', '', $_COOKIE['userType']);
$_SESSION['pic_id'] = "";
$log_id = $_SESSION['userid'];
$log_password = $_SESSION['password'];
$log_userType = $_SESSION['userType'];
// Verify the user
$user_ok = evalLoggedUser($db_conx, $log_id, $log_password, $log_userType);
// $errr = $errr ."999999 ";
//echo $errr . " ";
}
}
//$errr = $errr . "success ";
//echo $errr . " ";
//echo "success";
$user_ok = false;
$log_username = "";
$log_password = "";
if (isset($_SESSION["user"]) && isset($_SESSION["pass"])) {
$log_username = preg_replace('#[^a-z0-9]#i', '', $_SESSION['user']);
$log_password = preg_replace('#[^a-z0-9]#i', '', $_SESSION['pass']);
// Verify the user
$user_ok = evalLoggedUser($db_connect, $log_username, $log_password);
} else {
if (isset($_COOKIE["user"]) && isset($_COOKIE["pass"])) {
$_SESSION['user'] = preg_replace('#[^a-z0-9]#i', '', $_COOKIE['user']);
$_SESSION['pass'] = preg_replace('#[^a-z0-9]#i', '', $_COOKIE['pass']);
$log_username = $_SESSION['user'];
$log_password = $_SESSION['pass'];
// Verify the user
$user_ok = evalLoggedUser($db_connnect, $log_username, $log_password);
}
}
// If user is already logged in, redirect
if ($user_ok == true) {
echo "saved okk";
header("location: ?u=" . $_SESSION["user"]);
// redirect to appropieat user
exit;
}
if (isset($_POST["username"])) {
// GATHER THE POSTED DATA INTO LOCAL VARIABLES AND SANITIZE
$username = $_POST['username'];
$password = md5($_POST['password']);
// FORM DATA ERROR HANDLING
if ($username == "" || $password == "") {
$sql = "SELECT ip FROM table_users WHERE id='{$id}' AND password='******' AND activated='1' LIMIT 1";
$query = mysqli_query($conx, $sql);
$numrows = mysqli_num_rows($query);
if ($numrows > 0) {
return true;
}
}
if (isset($_SESSION["userid"]) && isset($_SESSION["password"])) {
$att_id = preg_replace('#[^0-9]#', '', $_SESSION['userid']);
$att_password = preg_replace('#[^a-z0-9]#i', '', $_SESSION['password']);
// Verify the user
$profile_ok = evalLoggedUser($db_conx, $att_id, $att_password);
if ($profile_ok == true) {
$log_id = $att_id;
}
} else {
if (isset($_COOKIE["id"]) && isset($_COOKIE["pass"])) {
$_SESSION['userid'] = preg_replace('#[^0-9]#', '', $_COOKIE['id']);
$_SESSION['password'] = preg_replace('#[^a-z0-9]#i', '', $_COOKIE['pass']);
$att_id = $_SESSION['userid'];
$att_password = $_SESSION['password'];
// Verify the user
$profile_ok = evalLoggedUser($db_conx, $att_id, $att_password);
if ($profile_ok == true) {
$log_id = $att_id;
// Update their lastlogin datetime field
$sql = "UPDATE table_users SET lastlogin=now() WHERE id='{$att_id}' LIMIT 1";
$query = mysqli_query($db_conx, $sql);
}
}
}
