$results = get_user_data($uuid);
if (is_array($results)) {
$uuid = $results[1];
$database_password = $results[2];
$salt = $results[3];
// Validate that the supplied password is correct
$hashed_password = hash("sha512", $password . $salt);
if ($database_password == $hashed_password) {
// Store cookie on client's computer
$cookie = Cookie::create($uuid, $hashed_password);
$result = $cookie_handler->set_cookie("compsec", $cookie);
if ($result == false) {
print "An unexpected error has prevented you from logging in. Reason: Unable to create a login cookie.";
}
// Login successful
update_last_login($uuid);
header("location:index.php");
} else {
print "Error: Invalid password. Press the back button to try again.";
}
} else {
print "Error: User does not exist! Press the back button to try again.";
}
}
?>
</p>
</div>
</p>
</p>
// Include required functions file
require_once 'includes/functions.php';
require_once 'includes/authenticate.php';
// Session handler is database
session_set_save_handler('db_open', 'db_close', '_read', '_write', '_destroy', '_clean');
// Start session
session_start('SimpleRisk');
// If the login form was posted
if (isset($_POST['submit'])) {
$user = $_POST['user'];
$pass = $_POST['pass'];
// If the user is valid
if (is_valid_user($user, $pass)) {
$_SESSION["access"] = "granted";
// Update the last login
update_last_login($_SESSION['uid']);
// Audit log
$risk_id = 1000;
$message = "Username \"" . $_SESSION['user'] . "\" logged in successfully.";
write_log($risk_id, $_SESSION['uid'], $message);
// Redirect to the reports index
header("Location: /reports");
} else {
$_SESSION["access"] = "denied";
}
}
?>
<!doctype html>
<html>
