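/**
 * End the current session and hand off to the login page.
 *
 * session_destroy() on its own only removes the server-side session data:
 * the $_SESSION array stays populated for the rest of the request and the
 * browser keeps its session cookie. Both are cleared here so that nothing
 * later in the request can read the old login state and the old session id
 * is not offered again by the client.
 *
 * login_handler() is defined elsewhere in the project; presumably it
 * redirects to the given page (confirm against its definition).
 */
function logged_out()
{
    // Only tear down a session that is actually running; calling
    // session_destroy() without one raises a warning.
    if (session_status() === PHP_SESSION_ACTIVE) {
        // Drop every value held for this request.
        $_SESSION = [];

        // Expire the session cookie with the same parameters it was set with.
        // Skipped when headers are already out, since setcookie() cannot work then.
        if (ini_get('session.use_cookies') && !headers_sent()) {
            $cookie = session_get_cookie_params();
            setcookie(
                session_name(),
                '',
                time() - 42000,
                $cookie['path'],
                $cookie['domain'],
                $cookie['secure'],
                $cookie['httponly']
            );
        }

        // Remove the server-side session data.
        session_destroy();
    }

    login_handler("../admin_login.php");
}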
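/**
 * Authenticate a user against tbl_user and, on success, populate the session
 * and hand off to the admin area through login_handler().
 *
 * Changes from the previous version, all inside the same interface:
 *  - every query uses bound parameters; $ip used to be interpolated into the
 *    UPDATE statement without any escaping;
 *  - the row fetched for the attempt check is reused after password_verify()
 *    instead of being selected a second time with a user_pass comparison;
 *  - the first-login expiry check runs before the session is populated and
 *    before user_lastaccessed is written, so an account reported as locked is
 *    not left with an authenticated session;
 *  - the session id is regenerated at the moment of login.
 *
 * Uses mysqli_stmt_get_result(), which needs the mysqlnd driver.
 *
 * @param string $username Login name as typed by the user.
 * @param string $password Password as typed by the user.
 * @param string $ip       Client address to record against the account.
 *
 * @return string|null A message for the caller to display when the login is
 *                     refused; null when a message was echoed directly or
 *                     login_handler() was called.
 */
function logIn($username, $password, $ip)
{
    // connect.php is expected to define $link, the mysqli connection used below.
    require_once 'connect.php';

    $badCredentials = "Username and password are incorrect.<br>Please try again.";
    $genericError = "There was an error. Please contact the administrator for more information.";

    // Strip whitespace picked up by copy-and-paste.
    $password = trim($password);
    // NOTE(review): escaping changes passwords that contain quotes or
    // backslashes before they reach password_verify(). Kept because the
    // account-creation code may hash the escaped form; confirm there before
    // removing this line.
    $password = mysqli_real_escape_string($link, $password);

    // Look the account up with a bound parameter, so the username needs no escaping.
    $lookup = mysqli_prepare($link, "SELECT * FROM tbl_user WHERE user_name=?");
    if (!$lookup) {
        echo $genericError;
        mysqli_close($link);
        return;
    }
    mysqli_stmt_bind_param($lookup, 's', $username);
    mysqli_stmt_execute($lookup);
    $rows = mysqli_stmt_get_result($lookup);
    $att = $rows ? mysqli_fetch_array($rows, MYSQLI_ASSOC) : null;
    mysqli_stmt_close($lookup);

    // Unknown user: same message as a wrong password, so the response does
    // not reveal which usernames exist.
    if (!$att) {
        return $badCredentials;
    }

    // NOTE(review): the lock is tested before the password is verified, so
    // failed attempts alone lock an account and a successful login can never
    // clear it; unlocking depends on user_attempts being reset elsewhere.
    if ($att['user_attempts'] >= 3) {
        return "Your account has been locked. Please contact the administrator for more details.";
    }

    $id = (int) $att['user_id'];

    if (!password_verify($password, $att['user_pass'])) {
        // Count the failed attempt towards the lock threshold.
        $bump = mysqli_prepare($link, "UPDATE tbl_user SET user_attempts=user_attempts+1 WHERE user_id=?");
        if ($bump) {
            mysqli_stmt_bind_param($bump, 'i', $id);
            mysqli_stmt_execute($bump);
            mysqli_stmt_close($bump);
        }
        return $badCredentials;
    }

    $prevSession = $_SERVER['REQUEST_TIME'];
    $createdaccount = $att['user_createdon'];
    $firstLogin = ($att['user_lastaccessed'] == 0);

    // A never-used account that is too old is refused. This is decided before
    // any session or database state changes, otherwise the caller would see
    // the "locked" message while holding a logged-in session.
    if ($firstLogin && $prevSession - $createdaccount >= 15) {
        echo "Sorry, your account has been locked. Please contact the adminstrator for more details.";
        mysqli_close($link);
        return;
    }

    // New session id at the privilege change, so an id known before login
    // does not carry over to the authenticated session.
    if (session_status() === PHP_SESSION_ACTIVE) {
        session_regenerate_id(true);
    }

    $_SESSION['user_id'] = $att['user_id'];
    $_SESSION['user_level'] = $att['user_level'];
    $_SESSION['user_name'] = $att['user_name'];
    $_SESSION['user_fname'] = $att['user_fname'];
    // Value from before this login; the row is updated just below.
    $_SESSION['user_lastaccessed'] = $att['user_lastaccessed'];

    // Clear the failure counter and record where and when this login happened.
    $touch = mysqli_prepare(
        $link,
        "UPDATE tbl_user SET user_attempts=0, user_ip=?, user_lastaccessed=? WHERE user_id=?"
    );
    if ($touch) {
        // Bound as a string, matching the quoted literal the old query sent.
        $accessedAt = (string) $prevSession;
        mysqli_stmt_bind_param($touch, 'ssi', $ip, $accessedAt, $id);
        mysqli_stmt_execute($touch);
        mysqli_stmt_close($touch);
    }

    // First login goes to the edit-user page, every later one to the index.
    if ($firstLogin) {
        login_handler("admin_editUser.php");
    } else {
        login_handler("admin_index.php");
    }

    mysqli_close($link);
}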