/
login.php
executable file
·44 lines (44 loc) · 2.37 KB
/
login.php
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
<?php
if(isset($_COOKIE['Zeigher-ID']) && isset($_COOKIE['Zeigher-Token'])):
$id = $db->real_escape_string($_COOKIE['Zeigher-ID']);
$row = $db->query("SELECT id, username, password, free FROM user WHERE id = '$id'")->fetch_assoc();
if($row['free'] == true && hash_equals($_COOKIE['Zeigher-Token'], crypt($row['username'].$row['email'], $row['password']))):
$_SESSION['loggedin'] = true;
$_SESSION['userid'] = $row['id'];
echo "<script>location.href='.'</script>";
else:
echo "<script>document.cookie = 'Zeigher-Token=; Path=/; Expires=Thu, 01 Jan 1970 00:00:01 GMT;';</script>";
endif;
elseif (isset($_POST['cred']) && isset($_POST['password'])):
$cred = $db->real_escape_string($_POST['cred']);
$password = $db->real_escape_string($_POST['password']);
$hostname = $_SERVER['HTTP_HOST'];
$path = dirname($_SERVER['PHP_SELF']);
if($db->query("SELECT username FROM user WHERE UPPER(username) = UPPER('$cred') OR UPPER(email) = UPPER('$cred')")->num_rows != 1):
echo $lang->wrongpass;
else:
$row = $db->query("SELECT id, username, password, free FROM user WHERE UPPER(username) = UPPER('$cred') OR UPPER(email) = UPPER('$cred')")->fetch_assoc();
if(password_verify($_POST['password'], $row['password']) == true && $row['free'] == true):
setcookie('Zeigher-ID', $row['id'], time() + (86400 * 30), "/");
setcookie('Zeigher-Token', crypt($row['username'].$row['email'], $row['password']), time() + (86400 * 30), "/");
echo "<script>location.href='.'</script>";
elseif(password_verify($_POST['password'], $row['password']) == false):
echo "$lang->wrongpass<br>";
echo "<a href='?page=reset'>$lang->resetpwd</a><br><br>";
elseif($row['free'] == false):
echo $lang->notfree;
else:
echo "ERROR";
endif;
endif;
else:
echo "<div>$lang->morefunctions<div>";
endif;
echo "<div class='login'>
<form class='table center' action='?page=login' method='post'>
<span class='row'><div class='lt cell'>$lang->usernameoremail</div><input class='cell' name='cred'></span>
<span class='row'><div class='lt cell'>$lang->password</div><input type='password' class='cell' name='password' autocomplete='off'></span>
<span class='row'><input type='submit' class='btn ico-key $color cell' value='$lang->login' />";
if($settings->regist == "true") echo "<a onclick=\"self.location.href='?page=register'\" class='btn ico-edit $color cell'> $lang->register</a>";
echo "</span></form></div>";
?>