// NOTE(review): this statement run starts inside if/else blocks that are opened
// above this excerpt; the run of closing braces further down closes them.
//Hash the password and use the salt from the database to compare the password.
// generateHash() is given the stored hash as its second argument, so the salt is
// taken from the database value and the two strings are directly comparable.
$entered_pass = generateHash($password, $userdetails["password"]);
// NOTE(review): `!=` is a loose comparison (numeric-looking strings are compared
// as numbers) and is not constant-time. Prefer
// `if (!hash_equals((string) $userdetails["password"], (string) $entered_pass))`
// (PHP >= 5.6), stored value first, user-derived value second.
if ($entered_pass != $userdetails["password"]) {
    //Again, we know the password is at fault here, but lets not give away the combination incase of someone bruteforcing
    $errors[] = lang("ACCOUNT_USER_OR_PASS_INVALID");
} else {
    //Passwords match: build the session user from the database row.
    //Construct a new logged in user object
    //Transfer some db data to the session object
    $loggedInUser = new loggedInUser();
    $loggedInUser->email = $userdetails["email"];
    $loggedInUser->user_id = $userdetails["id"];
    $loggedInUser->hash_pw = $userdetails["password"];
    $loggedInUser->title = $userdetails["title"];
    $loggedInUser->displayname = $userdetails["display_name"];
    $loggedInUser->username = $userdetails["user_name"];
    //Update last sign in
    $loggedInUser->updateLastSignIn();
    // The whole user object (including hash_pw) is kept in the PHP session.
    $_SESSION["userCakeUser"] = $loggedInUser;
    //Redirect to user account page
    header("Location: account.php");
    die;
}
}
}
}
}
// Page rendering: header, navigation, result messages, then the login form.
require_once "models/header.php";
include "left-nav.php";
// $errors and $successes are expected to be defined earlier in this script
// (not visible in this excerpt).
echo resultBlock($errors, $successes);
// NOTE(review): $_SERVER['PHP_SELF'] can carry request-supplied path info and is
// written unescaped into an HTML attribute (reflected XSS risk). Escape it with
// htmlspecialchars($_SERVER['PHP_SELF'], ENT_QUOTES, 'UTF-8') or use a fixed
// action URL.
echo "\r\n<div id='regbox'>\r\n<form name='login' action='" . $_SERVER['PHP_SELF'] . "' method='post'>\r\n<p>\r\n<label>Username:</label>\r\n<input type='text' name='username' />\r\n</p>\r\n<p>\r\n<label>Password:</label>\r\n<input type='password' name='password' />\r\n</p>\r\n<p>\r\n<label> </label>\r\n<input type='submit' value='Login' class='submit' />\r\n</p>\r\n</form>\r\n</div>\r\n</div>\r\n<div id='bottom'></div>\r\n</div>\r\n</body>\r\n</html>";
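/**
 * UserCake (via CupCake) login action.
 *
 * UserCake Version: 2.0.2 - http://usercake.com
 *
 * Renders the login view and, when the request carries POST data, validates
 * the submitted username and password, authenticates them against UserCake,
 * stores the resulting loggedInUser in the CodeIgniter session and redirects
 * to the account page.
 *
 * Depends on UserCake helpers loaded by config.php (securePage, isUserLoggedIn,
 * sanitize, lang, usernameExists, fetchUserDetails, generateHash, loggedInUser)
 * and on the global $baseURL set by the caller.
 *
 * Side effects: may emit a Location header and terminate the request; fills the
 * global $errors array (presumably read by the 'login' view - not visible here).
 *
 * @return void
 */
public function index()
{
    global $baseURL;
    require_once "{$baseURL}/application/third_party/user_cake/models/config.php";

    if (!securePage($_SERVER['PHP_SELF'])) {
        die;
    }

    // An already authenticated user is sent straight to the account page.
    if (isUserLoggedIn()) {
        header("Location: " . str_replace('index.php/', '', site_url('account')));
        die;
    }

    if (!empty($_POST)) {
        global $errors;
        $errors = array();

        // A missing field is treated as empty rather than raising an undefined-index notice.
        $username = isset($_POST["username"]) ? sanitize(trim($_POST["username"])) : "";
        $password = isset($_POST["password"]) ? trim($_POST["password"]) : "";

        if ($username === "") {
            $errors[] = lang("ACCOUNT_SPECIFY_USERNAME");
        }
        if ($password === "") {
            $errors[] = lang("ACCOUNT_SPECIFY_PASSWORD");
        }

        if (count($errors) === 0) {
            $this->attemptUserCakeLogin($username, $password);
        }
    }

    $this->load->view('login');
}

/**
 * Authenticates a non-empty username/password pair against UserCake.
 *
 * On failure appends a lang() message to the global $errors array and returns.
 * On success stores a loggedInUser in the CodeIgniter session, redirects to the
 * account page and terminates the request.
 *
 * Both "unknown username" and "wrong password" report the same
 * ACCOUNT_USER_OR_PASS_INVALID message so the response does not reveal which
 * credential was wrong.
 *
 * @param string $username sanitized, trimmed username
 * @param string $password trimmed plaintext password as submitted
 * @return void
 */
private function attemptUserCakeLogin($username, $password)
{
    global $errors;

    if (!usernameExists($username)) {
        $errors[] = lang("ACCOUNT_USER_OR_PASS_INVALID");
        return;
    }

    $userdetails = fetchUserDetails($username);

    // An account that has not been activated cannot sign in, whatever the password.
    // Cast so a "0"/"1" string from the database is compared strictly.
    if ((int) $userdetails["active"] === 0) {
        $errors[] = lang("ACCOUNT_INACTIVE");
        return;
    }

    // generateHash() reuses the salt embedded in the stored hash, so the two
    // strings are directly comparable. hash_equals() (PHP >= 5.6) is a strict,
    // constant-time comparison; the loose != it replaces compares
    // numeric-looking strings as numbers and leaks timing information.
    $entered_pass = generateHash($password, $userdetails["password"]);
    if (!hash_equals((string) $userdetails["password"], (string) $entered_pass)) {
        $errors[] = lang("ACCOUNT_USER_OR_PASS_INVALID");
        return;
    }

    // Passwords match: transfer the database row into the session user object.
    $loggedInUser = new loggedInUser();
    $loggedInUser->email = $userdetails["email"];
    $loggedInUser->user_id = $userdetails["id"];
    $loggedInUser->hash_pw = $userdetails["password"];
    $loggedInUser->title = $userdetails["title"];
    $loggedInUser->displayname = $userdetails["display_name"];
    $loggedInUser->username = $userdetails["user_name"];
    $loggedInUser->updateLastSignIn();

    $this->session->set_userdata('userCakeUser', $loggedInUser);

    header("Location: " . str_replace('index.php/', '', site_url('account')));
    die;
}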