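/**
 * Authenticate the submitted credentials and populate the user's session.
 *
 * Reads `username` and `userpassword` from the request and checks them with
 * isUser(). On success it stores the user id and the event bookkeeping values
 * in $_SESSION and replies through http_response() with the user id; on
 * failure it replies with 0. Both replies use status 200.
 *
 * @return void
 */
public function login()
{
    require 'camfoxconfig.php';

    // NOTE(review): $_REQUEST also accepts these fields from the query string
    // (and, depending on request_order, from cookies). Credentials sent in a
    // URL end up in server logs, browser history and Referer headers. Switch to
    // $_POST once every client is confirmed to submit the form via POST.
    $username = isset($_REQUEST['username']) ? $_REQUEST['username'] : null;
    $password = isset($_REQUEST['userpassword']) ? $_REQUEST['userpassword'] : null;

    // Fail closed on missing or non-string fields (e.g. `username[]=x`) so the
    // credential check never receives null or an array.
    if (!is_string($username) || !is_string($password)) {
        $this->http_response(0, 200);
        return;
    }

    // NOTE(review): no failed-attempt limiting is visible in this method;
    // confirm that isUser() or the caller enforces it.
    $id = isUser($username, $password);

    if (!($id > 0)) {
        // The earlier redirect that copied the submitted username and password
        // into the Location query string is intentionally not restored.
        $this->http_response(0, 200);
        return;
    }

    // Issue a fresh session id at the privilege change so an id that was set
    // before authentication cannot be reused afterwards (session fixation).
    if (session_id() !== '' && !headers_sent()) {
        session_regenerate_id(true);
    }

    // The return value is not used here; the call is kept in case
    // get_last_login() has effects that are not visible from this block.
    get_last_login($id);

    $_SESSION['user_id'] = $id;
    update_last_login_date($id);

    // Presumably a row array when the user already has an events record and 0
    // otherwise; verify against checkUserAvailableEvents().
    $user = checkUserAvailableEvents($_SESSION['user_id']);
    if ($user == 0) {
        insertUserintoEvents($_SESSION['user_id']);
    } else {
        updateUserinEvents($_SESSION['user_id']);
    }

    // isset() keeps the stored values the same as before (null when there is
    // no record) without indexing into a non-array value.
    $_SESSION['new_event_count'] = isset($user[3]) ? $user[3] : null;
    $_SESSION['last_login'] = isset($user[2]) ? $user[2] : null;

    $this->http_response($id, 200);
}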
check_throttle_all(); if (get_failed_login_attempts_by_username($safe_username) > 3) { $time_left = username_throttle_time_left($safe_username, 10 * 60); if ($time_left > 0) { $wait_time = format_time_since_in_words($time_left); set_error_output("You have used too many login attempts. Please wait {$wait_time} and try again. "); } } $found_user = attempt_user_login($username, $password); // Test if there was a query error if ($found_user) { // Success // Mark user as logged in. $_SESSION["user_id"] = $found_user["id"]; $_SESSION["username"] = $found_user["username"]; update_last_login_date($found_user["id"]); redirect_to("index.php"); } else { // Failure $safe_username = mysql_prep($username); add_failed_attempt($safe_username); // if more then 10 in the last 15 minutes, this will happen throttle_all_logins(); // in last 15 minutes by default if (get_failed_login_attempts_by_username($safe_username) >= 3) { set_error_output("You have used too many login attempts. Please wait 10 minutes and try again. "); } set_error_output("Username or password not found. ", "log_in.php"); } } else { // this is probably a get request