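/**
 * Handle a submitted login form.
 *
 * Reads `email` and `pass` from $_POST, enforces a 10-minute lockout based
 * on recorded failed attempts, checks the configured super-user account,
 * then validates the credentials against the `users` table. Every outcome
 * is recorded through log_attempt(). On success the caller receives a
 * redirect header; on failure the login form is shown again.
 *
 * Side effects: writes to the session, emits headers/alerts, and the
 * super-user branch terminates the script with `die`.
 */
function process_login_form()
{
    // Normalise the address the same way the lookup below does (LOWER(email));
    // a missing field becomes '' instead of raising an undefined-index notice.
    $email = strtolower(isset($_POST['email']) ? $_POST['email'] : '');
    $passhash = hash_pass($email, isset($_POST['pass']) ? $_POST['pass'] : '');
    // Check to see if the user/ip is temporarily banned:
    //   An IP is banned when 10 unsuccessful attempts are made to log in from a single IP/email within 10 minutes,
    //   regardless of whether any successful attempts were made.
    $attempts = DBExt::queryCount(
        'login_attempts',
        ['successful=0', '(remote_ip=%s OR email=%s)', DBExt::timeInInterval('request_time', '-10m', '')],
        $_SERVER['REMOTE_ADDR'],
        $email
    );
    // `>=`, not `>`: the tenth recorded failure locks, as the comment above states.
    if ($attempts >= 10) {
        log_attempt($email, false);
        alert('You have been temporarily locked out. Please wait 10 minutes before attempting to sign in again.', -1);
        show_login_form('');
        return;
    }
    // Check for super-user login:
    // (the account LHSMATH and password set in CONFIG)
    if ($email === 'lhsmath') {
        global $LHSMATH_PASSWORD;
        // $LHSMATH_PASSWORD is pre-hashed. Compare with hash_equals(): strict and
        // constant-time. `==` between two hash strings is a loose comparison
        // (numeric-looking hashes compare equal) and its timing depends on the
        // input. The is_string guards keep an unset config value from matching
        // or from raising a TypeError.
        if (is_string($LHSMATH_PASSWORD) && is_string($passhash)
            && hash_equals($LHSMATH_PASSWORD, $passhash)) {
            log_attempt('LHSMATH', true);
            // Start a fresh session for the privileged login; regenerate_id(true)
            // discards the pre-authentication id.
            session_destroy();
            session_name('Session');
            session_start();
            session_regenerate_id(true);
            $_SESSION['user_name'] = 'LHSMATH Super-Admin';
            $_SESSION['permissions'] = '+';
            $_SESSION['login_time'] = time();
            $_SESSION['user_id'] = '-999';
            header('Location: ' . URL::root() . '/Admin/Super_Admin');
            die;
        }
    }
    // Validate credentials
    $id = DB::queryFirstField('SELECT id FROM users WHERE LOWER(email)=%s AND passhash=%s LIMIT 1', $email, $passhash);
    if (is_null($id)) {
        log_attempt($email, false);
        // Queue the alert before rendering the form, as the lockout branch does,
        // so it cannot be emitted after the page has already been produced.
        alert('Incorrect email address or password', -1);
        show_login_form($email);
        return;
    }
    // ** CREDENTIALS ARE VALIDATED AT THIS POINT ** //
    log_attempt($email, true);
    set_login_data($id);
    alert('Logged in!', 1);
    // If this page was being included, redirect back.
    // NOTE(review): unlike the super-user branch this does not exit after the
    // redirect header; the caller is presumably expected to stop output — confirm.
    global $being_included;
    if ($being_included) {
        header('Location: ' . $_SERVER['REQUEST_URI']);
    } else {
        header('Location: ../Home');
    }
}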
                            header("Location: {$URL}");
                            die;
                        } else {
                            header('Location: index.php');
                            die;
                        }
                    } else {
                        log_attempt($UserID);
                        if ($Enabled == 2) {
                            header('location:login.php?action=disabled');
                        } elseif ($Enabled == 0) {
                            $Err = 'Your account has not been confirmed.<br />Please check your email.';
                        }
                        setcookie('keeplogged', '', time() + 60 * 60 * 24 * 365, '/', '', false);
                    }
                } else {
                    log_attempt($UserID);
                    $Err = 'Your username or password was incorrect.';
                    setcookie('keeplogged', '', time() + 60 * 60 * 24 * 365, '/', '', false);
                }
            } else {
                log_attempt($UserID);
                setcookie('keeplogged', '', time() + 60 * 60 * 24 * 365, '/', '', false);
            }
        } else {
            log_attempt('0');
            setcookie('keeplogged', '', time() + 60 * 60 * 24 * 365, '/', '', false);
        }
    }
    require 'sections/login/login.php';
}
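// configuration
require "../includes/config.php";
// Login controller: on POST, validate the submission, check the account lock,
// verify the password and record the attempt; otherwise render the form.
// if form was submitted
if ($_SERVER["REQUEST_METHOD"] === "POST") {
    // validate submission
    // NOTE(review): the flow below relies on apologize() and redirect() ending
    // the script after rendering; if they return, execution continues — confirm
    // against the helpers in config.php.
    if (empty($_POST["username"])) {
        apologize("You must provide your username.");
    }
    if (empty($_POST["password"])) {
        apologize("You must provide your password.");
    }
    // if we found user, check password
    if ($user = get_user($_POST["username"])) {
        // Hard lock after three recorded failures, checked before the password
        // so a locked account cannot be probed further.
        if ($user["failed_logins"] >= 3) {
            apologize("account locked");
        }
        // Verify first, then record the outcome so the lockout counter sees it.
        $success = password_verify($_POST["password"], $user["password"]);
        log_attempt($user, $_SERVER["REMOTE_ADDR"], $success);
        if ($success) {
            // remember that the user is now logged in; regenerating the id keeps
            // a pre-login (possibly externally supplied) session id from being
            // promoted to an authenticated one.
            session_start();
            session_regenerate_id(true);
            // NOTE(review): this stores the whole row, including the password
            // hash, in the session; consider whether callers need it there.
            $_SESSION["user"] = $user;
            // redirect to homepage
            redirect("home.php");
        }
    }
    // else apologize
    // NOTE: attempts against unknown usernames never reach log_attempt(), so
    // they do not count toward any lockout.
    apologize("Invalid username and/or password.");
} else {
    // else render form
    render("login_form.php", ["title" => "Log In"]);
}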