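require_once __DIR__ . '/../includes/mysqli_connect.php';
require_once __DIR__ . '/../includes/functions.php';

session_start();

// Login handler: look up the posted username, verify the posted password
// against the stored digest, and only then establish the session.

// Treat missing or non-string fields as empty so the lookup simply finds nothing.
$postedUsername = (isset($_POST['username']) && is_string($_POST['username'])) ? $_POST['username'] : '';
$postedPassword = (isset($_POST['password']) && is_string($_POST['password'])) ? $_POST['password'] : '';

// strip_tags() is not SQL escaping; the value is bound as a parameter below.
$username = strip_tags($postedUsername);

// NOTE(review): an unsalted SHA-256 digest is a fast hash and is not suitable for
// password storage. Moving to password_hash()/password_verify() requires migrating
// the stored values, which cannot be done from this block alone.
$password = hash("sha256", $postedPassword);
$timestamp = date('Y-m-d H:i:s');

// Check for a record that matches the POSTed username.
// NOTE(review): the listing shows the WHERE value masked as '******'; this assumes
// it was the posted username - confirm. get_result() needs the mysqlnd driver.
$result = false;
$user = null;
$lookup = $mysqli->prepare("SELECT * FROM users WHERE username = ?");
if ($lookup !== false) {
    $lookup->bind_param('s', $username);
    if ($lookup->execute()) {
        $result = $lookup->get_result();
    }
}
if ($result) {
    $user = $result->fetch_assoc();
}
$matchCount = $result ? $result->num_rows : 0;

// Compare digests as strings in constant time. A loose != on two hex digests that
// both look like "0e<digits>" treats them as equal numbers.
$storedDigest = (is_array($user) && isset($user['password'])) ? (string) $user['password'] : '';
if (function_exists('hash_equals')) {
    $passwordMatches = is_array($user) && hash_equals($storedDigest, $password);
} else {
    $passwordMatches = is_array($user) && $storedDigest === $password;
}

// NOTE(review): the three distinct messages tell a caller which usernames exist and
// which are activated; a single generic failure message would avoid that. The
// strings are kept as they were because other code may depend on them.
if ($matchCount == 0) {
    echo "<span class='message-danger' style='margin-bottom: 15px'><i class='fa fa-times-circle' style='font-size:20px'></i> Sorry, this username does not exist.</span>";
} elseif (!$passwordMatches) {
    echo "<span class='message-danger' style='margin-bottom: 15px'><i class='fa fa-times-circle' style='font-size:20px'></i> Sorry, this password is incorrect.</span>";
} elseif ($user['active'] != 1) {
    echo "<span class='message-danger' style='margin-bottom: 15px'><i class='fa fa-times-circle' style='font-size:20px'></i> You need to activate your account first!</span>";
}

// The session is created only when the password matched. The original condition
// tested the row count and the active flag alone, so an existing active username
// was logged in whatever password was posted.
if ($matchCount == 1 && $passwordMatches && $user['active'] == 1) {
    // Issue a fresh session id on the privilege change so a pre-set id cannot be reused.
    session_regenerate_id(true);
    $_SESSION['user'] = $username;
    if (strlen((string) $user['fb_id']) > 0) {
        $_SESSION['fbId'] = $user['fb_id'];
    }

    $loginUserId = (int) $user['id'];
    $history = $mysqli->prepare("INSERT INTO session_history VALUES (?, 'login', ?)");
    if ($history !== false) {
        $history->bind_param('is', $loginUserId, $timestamp);
        $history->execute();
        $history->close();
    }

    // !empty() avoids an undefined-index notice when the checkbox is not posted.
    if (!empty($_POST['rememberme'])) {
        onLogin($user['id']);
    }
}

if ($lookup !== false) {
    $lookup->close();
}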
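/**
 * Prepare, bind and execute one parameterized statement for checkFbUser().
 *
 * @param mysqli $mysqli Open connection.
 * @param string $sql    SQL text with ? placeholders.
 * @param string $types  bind_param() type string, one letter per placeholder.
 * @param array  $params Values to bind, in placeholder order.
 * @return mysqli_stmt|false The executed statement (caller closes it), or false on failure.
 */
function _checkFbUserExecute($mysqli, $sql, $types, array $params)
{
    $stmt = $mysqli->prepare($sql);
    if ($stmt === false) {
        return false;
    }
    // bind_param() takes its arguments by reference, so pass a list of references.
    $bound = array($types);
    foreach (array_keys($params) as $key) {
        $bound[] = &$params[$key];
    }
    call_user_func_array(array($stmt, 'bind_param'), $bound);
    if (!$stmt->execute()) {
        $stmt->close();
        return false;
    }
    return $stmt;
}

/**
 * Run a parameterized write for checkFbUser() and release the statement.
 *
 * @return bool True when the statement executed.
 */
function _checkFbUserWrite($mysqli, $sql, $types, array $params)
{
    $stmt = _checkFbUserExecute($mysqli, $sql, $types, $params);
    if ($stmt === false) {
        return false;
    }
    $stmt->close();
    return true;
}

/**
 * Fetch the id and username of the first users row with the given fb_id.
 *
 * @return array|null|false array('id' => ..., 'username' => ...), null when no row
 *                          matches, false when the query itself failed.
 */
function _checkFbUserFind($mysqli, $fbId)
{
    $stmt = _checkFbUserExecute($mysqli, "SELECT id, username FROM users WHERE fb_id = ?", 's', array($fbId));
    if ($stmt === false) {
        return false;
    }
    $row = null;
    $stmt->bind_result($id, $username);
    if ($stmt->fetch()) {
        $row = array('id' => $id, 'username' => $username);
    }
    $stmt->close();
    return $row;
}

/**
 * Log in, link or create a user from Facebook profile data.
 *
 * Every value reaches the database as a bound parameter; the original built each
 * query by interpolating the arguments into the SQL text.
 *
 * NOTE(review): nothing in this function verifies $fbId. It assumes the caller has
 * already validated the Facebook identity server-side and that $userId comes from
 * the authenticated session rather than from the request - confirm at the call site.
 *
 * @param string $fbId        Facebook user id.
 * @param string $fbFirstName First name from the Facebook profile.
 * @param string $fbLastName  Last name from the Facebook profile.
 * @param string $fbEmail     E-mail from the Facebook profile; may be empty.
 * @param mixed  $userId      Id of the currently logged-in local user, or a falsy value.
 * @return int 1 when the Facebook id is already known and a local user is logged in,
 *             2 when the Facebook id was linked to the logged-in user, 0 otherwise.
 */
function checkFbUser($fbId, $fbFirstName, $fbLastName, $fbEmail, $userId)
{
    $mysqli = getMysqli();
    $image = "//graph.facebook.com/{$fbId}/picture";
    $timestamp = date('Y-m-d H:i:s');
    // Initialised up front: the original read $respCode on paths that never set it.
    $respCode = 0;

    $existing = _checkFbUserFind($mysqli, $fbId);
    if ($existing === false) {
        // Lookup failed: do not log anyone in or create rows on an unknown state.
        return $respCode;
    }

    if ($existing !== null) {
        // We have this user. Just log them in and update their info.
        if ($userId) {
            $respCode = 1;
        } else {
            _checkFbUserWrite(
                $mysqli,
                "UPDATE users SET fb_fname=?, fb_lname=? WHERE fb_id=?",
                'sss',
                array($fbFirstName, $fbLastName, $fbId)
            );
            _checkFbUserWrite(
                $mysqli,
                "INSERT INTO session_history VALUES (?, 'fb_login', ?)",
                'is',
                array((int) $existing['id'], $timestamp)
            );
            onLogin($existing['id']);
            if (strlen((string) $existing['username']) > 0) {
                // Start a session only if none is active, then rotate its id on login.
                if (session_id() === '') {
                    session_start();
                }
                session_regenerate_id(true);
                $_SESSION['user'] = $existing['username'];
            }
        }
    } elseif ($userId) {
        // We have a user, but no Facebook information. Update it.
        $sql = "UPDATE users SET fb_id=?, fb_fname=?, fb_lname=?, image=?";
        $types = 'ssss';
        $params = array($fbId, $fbFirstName, $fbLastName, $image);
        if (strlen((string) $fbEmail) > 0) {
            $sql .= ", email=?";
            $types .= 's';
            $params[] = $fbEmail;
        }
        $sql .= " WHERE id=?";
        $types .= 'i';
        $params[] = (int) $userId;
        _checkFbUserWrite($mysqli, $sql, $types, $params);
        _checkFbUserWrite(
            $mysqli,
            "INSERT INTO session_history VALUES (?, 'fb_login', ?)",
            'is',
            array((int) $userId, $timestamp)
        );
        $respCode = 2;
    } else {
        // We don't have this user. Add them to the DB and make them active.
        $email = strlen((string) $fbEmail) > 0 ? $fbEmail : null; // a bound null is stored as NULL

        // NOTE(review): presumably an activation/verification token - confirm.
        // md5(rand(0, 1000)) has only 1001 possible values, so take 16 bytes from a
        // CSPRNG when one is available; the result is still 32 hex characters.
        if (function_exists('random_bytes')) {
            $hash = bin2hex(random_bytes(16));
        } elseif (function_exists('openssl_random_pseudo_bytes')) {
            $hash = bin2hex(openssl_random_pseudo_bytes(16));
        } else {
            $hash = md5(rand(0, 1000));
        }

        _checkFbUserWrite(
            $mysqli,
            "INSERT INTO users VALUES (NULL, NULL, NULL, ?, ?, ?, ?, ?, 0, 1, 1, ?, '', '', 1)",
            'ssssss',
            array($fbId, $fbFirstName, $fbLastName, $email, $image, $hash)
        );
        $created = _checkFbUserFind($mysqli, $fbId);
        if (is_array($created)) {
            _checkFbUserWrite(
                $mysqli,
                "INSERT INTO session_history VALUES (?, 'fb_signup', ?)",
                'is',
                array((int) $created['id'], $timestamp)
            );
        }
    }

    return $respCode;
}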
$_POST['login_username'] = $_POST['full_login_username']; $_POST['login_password'] = $_POST['full_login_password']; } if (isset($_POST['login_username']) && isset($_POST['login_password'])) { // Clean up the post data $username = strip_tags($_POST['login_username']); //hash the entered password for comparison with the db $password = hash("sha256", $_POST['login_password']); //Check for a record that matches the POSTed credentials $query = "SELECT * FROM users WHERE username = '******' AND password = '******';"; $result = $mysqli->query($query); $user = mysqli_fetch_assoc($result); if ($result && $result->num_rows == 1 && $user['active'] == 1) { $_SESSION['user'] = $_POST['login_username']; if (isset($_POST['stay-logged']) || isset($_POST['stay-logged-full'])) { onLogin($result['id']); } } mysqli_query($mysqli, "INSERT INTO session_history VALUES ({$result['id']}, 'login', '{$timestamp}')"); } $remembered = rememberMe(); if ($remembered) { $account = mysqli_fetch_assoc($mysqli->query("SELECT * FROM users WHERE id={$remembered}")); $_SESSION['user'] = $account['username']; $_SESSION['fbId'] = $account['fb_id']; } if ($loggedIn) { $fb = isset($_SESSION['fbId']); $user = isset($_SESSION['user']); $dbAccountFinder = $fb ? "fb_id='{$_SESSION['fbId']}'" : "username='******'user']}'"; $accountQuery = "SELECT * FROM users WHERE {$dbAccountFinder}";
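/**
 * Write the submitted credentials to the client config file, wait for the client
 * to report a result in the status file, and return the outcome as a JSON string.
 *
 * NOTE(review): nothing here clears or timestamps the status file before waiting,
 * so a "login successful" left over from an earlier attempt would be accepted for
 * the current one - confirm that the client resets the file. The config and status
 * paths are also shared, so concurrent logins can read each other's result.
 *
 * @return string JSON object with "success" and, on failure, "message".
 */
function doLogin()
{
    $user = getP('user');
    $pass = getP('pass');

    // The config file is line-oriented: a line break inside either value would let
    // the submitter append further directives, so such input is refused.
    // NOTE(review): a password containing the literal "<quote>" delimiter is still
    // written as-is; how the client parses that is not visible here.
    if (preg_match('/[\r\n\0]/', (string) $user . (string) $pass)) {
        return '{ "success": false, "message": "Login failed"}';
    }

    // NOTE(review): the original tested an undefined local $savePasswordHash, so the
    // plaintext branch always ran. This assumes the flag is a global setting -
    // confirm where it is defined. With no such global, behaviour is unchanged.
    $hashPassword = isset($GLOBALS['savePasswordHash']) && $GLOBALS['savePasswordHash'];

    // Config file contents
    $configStr = "UserName {$user}\n";
    if (!$hashPassword) {
        // Plaintext password on disk: the file must not be readable through the web server.
        $configStr .= "Password <quote>{$pass}<quote>\n";
    } else {
        $configStr .= "HashedPassword " . getPasswordHash($pass) . "\n";
    }

    // The config file must already exist; it is not created here.
    $configFile = getConfigFullName();
    if (!file_exists($configFile)) {
        return '{ "success": false, "message": "Config file not found"}';
    }

    // Write config file. Compare with false explicitly and hold an exclusive lock
    // so a concurrent writer cannot interleave with this one.
    if (file_put_contents($configFile, $configStr, LOCK_EX) === false) {
        return '{ "success": false, "message": "Can not write config file"}';
    }

    // Poll up to 30 times, one second apart, for the client to create the status file.
    $statusFile = getStatusFullName();
    $existsChecks = 0;
    while (!file_exists($statusFile)) {
        $existsChecks++;
        if ($existsChecks >= 30) {
            break;
        }
        sleep(1);
    }

    // Poll up to 30 times, one second apart, for the status file to report success.
    $statusFileStr = "";
    if (file_exists($statusFile)) {
        $readAttempts = 0;
        while (strpos($statusFileStr, "login successful") === false) {
            // file_get_contents() returns false on failure; keep the value a string.
            $statusFileStr = (string) file_get_contents($statusFile);
            $readAttempts++;
            if ($readAttempts >= 30) {
                break;
            }
            sleep(1);
        }
    }

    // NOTE(review): the hook runs whether or not the login succeeded - confirm that is intended.
    if (function_exists('onLogin')) {
        onLogin();
    }

    if (strpos($statusFileStr, "login successful") !== false) {
        return '{ "success": true }';
    }

    $failureDetails = "";
    if (strpos($statusFileStr, "login failed") !== false) {
        // explode() replaces split(), which was removed in PHP 7.
        $statusLines = explode("\n", $statusFileStr);
        if (count($statusLines) > 1) {
            $failureDetails = '. ' . ucfirst($statusLines[1]);
        }
    }

    // The detail text comes from a file written by another process, so it is
    // JSON-encoded rather than concatenated between quotes.
    $message = json_encode('Login failed' . $failureDetails);
    if ($message === false) {
        // Not encodable (for example invalid UTF-8): fall back to the bare message.
        $message = '"Login failed"';
    }

    return '{ "success": false, "message": ' . $message . '}';
}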