コード例 #1
ファイル: sessions.php プロジェクト: jocchann/edfc
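/**
 * Ends the current session and hands control to login_handler() for the
 * admin login page.
 *
 * session_destroy() on its own only discards the server-side session data:
 * $_SESSION stays populated for the rest of the request and the browser keeps
 * its session cookie. Both are cleared here so that nothing later in this
 * request can still read the old login state and the old session id is not
 * presented again by the client.
 *
 * NOTE(review): login_handler() is defined elsewhere; it presumably issues a
 * redirect, in which case no output may be sent before this function runs.
 *
 * @return void
 */
function logged_out()
{
    // Only tear down a session that is actually running; calling
    // session_destroy() without one just raises a warning.
    if (session_status() === PHP_SESSION_ACTIVE) {
        // Drop the in-memory copy of the session data.
        $_SESSION = [];

        // Expire the session cookie using the same attributes it was set with,
        // otherwise the browser will not match and remove it.
        if (ini_get('session.use_cookies')) {
            $cookie = session_get_cookie_params();
            setcookie(
                session_name(),
                '',
                time() - 42000,
                $cookie['path'],
                $cookie['domain'],
                $cookie['secure'],
                $cookie['httponly']
            );
        }

        // Remove the server-side session storage.
        session_destroy();
    }

    login_handler("../admin_login.php");
}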
コード例 #2
ファイル: login.php プロジェクト: jocchann/edfc
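/**
 * Checks a username/password pair against tbl_user and, on success, starts an
 * authenticated session and hands off to login_handler().
 *
 * Flow:
 *   1. Look the user up by name (prepared statement).
 *   2. Refuse if user_attempts has reached 3.
 *   3. Verify the password against the stored hash with password_verify().
 *   4. Refuse a first-ever login (user_lastaccessed == 0) when the account is
 *      at least 15 units older than the request time.
 *   5. Rotate the session id, populate $_SESSION, reset the attempt counter and
 *      record the client address and access time.
 *
 * NOTE(review): do not keep test logins or passwords in comments in this file;
 * anything committed here should be treated as disclosed and rotated.
 *
 * NOTE(review): the "account locked" reply differs from the generic failure
 * reply, so it confirms that a username exists, and the counter is checked
 * before the password, so anyone can lock a known account with three bad
 * guesses. Confirm whether that trade-off is intended.
 *
 * @param string $username User name as submitted.
 * @param string $password Plain-text password as submitted.
 * @param string $ip       Client address to store with the account. Callers
 *                         may derive this from request headers, so it is
 *                         treated as untrusted and only ever bound as a
 *                         statement parameter.
 *
 * @return string|null A message for the user when the login is refused with a
 *                     returned message; null on the paths that echo a message
 *                     or hand off to login_handler().
 */
function logIn($username, $password, $ip)
{
    // NOTE(review): connect.php is included inside the function, so $link is
    // local to this call, and require_once will not define it again if logIn()
    // runs twice in one request. Confirm how connect.php exposes $link.
    require_once 'connect.php';

    // Trim stray whitespace picked up when the password is copied and pasted.
    $password = trim($password);
    // NOTE(review): SQL-escaping a password before hashing/verifying changes
    // any password containing quotes or backslashes. It is kept only because
    // existing hashes may have been created from the escaped form - confirm
    // against the registration code before removing it. The password is never
    // placed in a query here.
    $password = mysqli_real_escape_string($link, $password);

    // Look up the account by name with a bound parameter instead of building
    // the SQL string by hand.
    $lookup = mysqli_prepare($link, "SELECT * FROM tbl_user WHERE user_name = ?");
    if ($lookup === false) {
        echo "There was an error. Please contact the administrator for more information.";
        mysqli_close($link);
        return;
    }
    mysqli_stmt_bind_param($lookup, 's', $username);
    mysqli_stmt_execute($lookup);
    $rows = mysqli_stmt_get_result($lookup);
    $att = $rows ? mysqli_fetch_array($rows, MYSQLI_ASSOC) : null;
    mysqli_stmt_close($lookup);

    // Unknown user: same wording as a wrong password.
    if (!$att) {
        $message = "Username and password are incorrect.<br>Please try again.";
        return $message;
    }

    // Too many failed attempts already recorded for this account.
    if ($att['user_attempts'] >= 3) {
        $message = "Your account has been locked. Please contact the administrator for more details.";
        return $message;
    }

    // user_id was interpolated unquoted in the original queries, so it is
    // numeric; bind it as an integer.
    $id = (int) $att['user_id'];

    if (!password_verify($password, $att['user_pass'])) {
        // Count the failed attempt against the account.
        $bump = mysqli_prepare($link, "UPDATE tbl_user SET user_attempts=user_attempts+1 WHERE user_id = ?");
        if ($bump !== false) {
            mysqli_stmt_bind_param($bump, 'i', $id);
            mysqli_stmt_execute($bump);
            mysqli_stmt_close($bump);
        }
        $message = "Username and password are incorrect.<br>Please try again.";
        return $message;
    }

    // The password is verified. The row fetched above is reused: a second
    // SELECT filtering on user_pass adds nothing once password_verify() has
    // succeeded.
    $prevSession = $_SERVER['REQUEST_TIME'];
    $createdaccount = $att['user_createdon'];

    // First-login window: decide this BEFORE any session or database state is
    // written, so an account reported as locked neither receives an
    // authenticated session nor has user_lastaccessed updated (which would
    // lift the restriction on the next attempt).
    // NOTE(review): the unit and format of user_createdon are not visible
    // here; confirm that REQUEST_TIME minus user_createdon is meaningful.
    if ($att['user_lastaccessed'] == 0 && $prevSession - $createdaccount >= 15) {
        echo "Sorry, your account has been locked. Please contact the adminstrator for more details.";
        mysqli_close($link);
        return;
    }

    // Issue a fresh session id at the privilege change so an id that was known
    // before authentication cannot be reused afterwards.
    if (session_status() === PHP_SESSION_ACTIVE) {
        session_regenerate_id(true);
    }

    $_SESSION['user_id'] = $att['user_id'];
    $_SESSION['user_level'] = $att['user_level'];
    $_SESSION['user_name'] = $att['user_name'];
    $_SESSION['user_fname'] = $att['user_fname'];
    // Value from before this login; used below to detect a first login.
    $_SESSION['user_lastaccessed'] = $att['user_lastaccessed'];

    // Reset the failure counter and record where and when this login happened.
    // $ip is bound, never interpolated.
    $touch = mysqli_prepare(
        $link,
        "UPDATE tbl_user SET user_attempts=0, user_ip = ?, user_lastaccessed = ? WHERE user_id = ?"
    );
    if ($touch !== false) {
        mysqli_stmt_bind_param($touch, 'ssi', $ip, $prevSession, $id);
        mysqli_stmt_execute($touch);
        mysqli_stmt_close($touch);
    }

    // A first login goes to the edit-user page, later logins to the admin
    // index.
    if ($_SESSION['user_lastaccessed'] == 0) {
        login_handler("admin_editUser.php");
    } else {
        login_handler("admin_index.php");
    }

    mysqli_close($link);
}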