// Excerpt starts inside the session branch of a login check; the `if` that this
// statement and the following `} else {` belong to is not visible here.
$logged_in = evalLoggedUser($log_id, $log_username, $log_password);
} else {
    // No usable session: fall back to the five user_* cookies sent by the client.
    if (isset($_COOKIE["user_email"]) && isset($_COOKIE["user_name"]) && isset($_COOKIE["user_password"]) && isset($_COOKIE["user_id"]) && isset($_COOKIE["user_account_type"])) {
        // NOTE(review): every cookie value, including user_password, is written to
        // the error log. Credentials do not belong in logs, and raw cookie text lets
        // a client place arbitrary content in them; drop these calls or log a fixed
        // message only. The "user pass" line appears masked in this excerpt and is
        // kept exactly as shown.
        error_log("Session expired.");
        error_log("cookie user id: " . $_COOKIE["user_id"]);
        error_log("cookie user name: " . $_COOKIE["user_name"]);
        error_log("cookie user pass: "******"user_password"]);
        error_log("cookie user email: " . $_COOKIE["user_email"]);
        error_log("cookie user account_type: " . $_COOKIE["user_account_type"]);
        // Session expired (or was never set): rebuild $_SESSION['user'] from the cookies.
        // NOTE(review): the session is filled from client-supplied cookies before
        // evalLoggedUser() has accepted them, and 'password' and 'email' are copied
        // unfiltered. Any code that trusts $_SESSION['user'] without re-running the
        // check would see unverified data; safer to write the session only after
        // verification succeeds.
        $_SESSION['user'] = array(
            'id' => preg_replace('#[^0-9]#', '', $_COOKIE['user_id']),
            'name' => preg_replace('#[^a-z0-9]#i', '', $_COOKIE['user_name']),
            'password' => $_COOKIE['user_password'],
            'email' => $_COOKIE['user_email'],
            'account_type' => preg_replace('#[^0-9]#', '', $_COOKIE['user_account_type']));
        $log_id = $_SESSION['user']['id'];
        $log_username = $_SESSION['user']['name'];
        // NOTE(review): this is the raw cookie value; what evalLoggedUser() does with
        // it is not visible in the excerpt — confirm it is only ever bound as a
        // query parameter and compared against a stored hash.
        $log_password = $_SESSION['user']['password'];
        // Verify the user
        $logged_in = evalLoggedUser($log_id, $log_username, $log_password);
        /*if($logged_in == true){
            //Update last act
            try{
                $stmt = $db->prepare('UPDATE jpdrills_users SET last_login=now() WHERE id=:id LIMIT 1 ');
                $stmt->bindParam(':id',$log_id,PDO::PARAM_STR);
                $stmt->execute();
            }catch(PDOException $ex){
                error_log("Couldn't update last_login $ex");
            }
        }*/
    }
}
// Excerpt starts inside a function body (presumably evalLoggedUser(); its
// signature is not shown). It looks up an activated user row by id, email and password.
// NOTE(review): the statement is assembled by string interpolation. The callers
// below strip $id and $e with preg_replace first, but a prepared statement
// (mysqli_prepare + mysqli_stmt_bind_param) would not depend on every caller
// doing that. The password literal appears masked in this excerpt.
$sql = "SELECT ip FROM users WHERE id='{$id}' AND email='{$e}' AND password='******' AND activated='1' LIMIT 1";
//AND activated='1'
$query = mysqli_query($conn, $sql);
$numrows = mysqli_num_rows($query);
// True when at least one row matched; otherwise control falls off the end of
// the function, so callers receive null rather than false.
if ($numrows > 0) {
    return true;
}
}

// Session branch: re-verify the identity stored in the session on this request.
if (isset($_SESSION["userid"]) && isset($_SESSION["email"]) && isset($_SESSION["password"])) {
    $log_id = preg_replace('#[^0-9]#', '', $_SESSION['userid']);
    // NOTE(review): this pattern also removes '@' and '.', so $log_email can only
    // match the email column if that column holds the same stripped form — verify.
    $log_email = preg_replace('#[^a-z0-9]#i', '', $_SESSION['email']);
    $log_password = preg_replace('#[^a-z0-9]#i', '', $_SESSION['password']);
    // Verify the user
    $user_ok = evalLoggedUser($conn, $log_id, $log_email, $log_password);
} else {
    // Cookie branch: no session, so rebuild it from the id/email/pass cookies.
    if (isset($_COOKIE["id"]) && isset($_COOKIE["email"]) && isset($_COOKIE["pass"])) {
        // NOTE(review): the session is written from client-supplied cookies before
        // evalLoggedUser() has accepted them; if verification fails the values stay
        // in $_SESSION. Safer to assign the session only when $user_ok is true.
        // The "pass" cookie acts as a long-lived credential — presumably a stored
        // hash; confirm it is not reusable after a password change.
        $_SESSION['userid'] = preg_replace('#[^0-9]#', '', $_COOKIE['id']);
        $_SESSION['email'] = preg_replace('#[^a-z0-9]#i', '', $_COOKIE['email']);
        $_SESSION['password'] = preg_replace('#[^a-z0-9]#i', '', $_COOKIE['pass']);
        $log_id = $_SESSION['userid'];
        $log_email = $_SESSION['email'];
        $log_password = $_SESSION['password'];
        // Verify the user
        $user_ok = evalLoggedUser($conn, $log_id, $log_email, $log_password);
        if ($user_ok == true) {
            // Update their lastlogin datetime field
            // $log_id was reduced to digits above, which is what keeps this
            // interpolated UPDATE well-formed; a bound parameter would be sturdier.
            $sql = "UPDATE users SET lastlogin=now() WHERE id='{$log_id}' LIMIT 1";
            $query = mysqli_query($conn, $sql);
        }
    }
}
// Excerpt starts at the end of a function (presumably evalLoggedUser(); the
// query it runs and its signature are not shown).
        }
        //** Don't need to update last_act here anymore. See js/update-status.js **/
        //$sql = "UPDATE users SET last_act=now() WHERE id='$id' LIMIT 1";
        //$query = mysql_query($sql);
        return true;
    }
}

// Session branch: re-verify the identity stored in the session on this request.
if (isset($_SESSION["userid"]) && isset($_SESSION["username"]) && isset($_SESSION["password"])) {
    $log_id = preg_replace('#[^0-9]#', '', $_SESSION['userid']);
    $log_username = preg_replace('#[^a-z0-9]#i', '', $_SESSION['username']);
    $log_password = preg_replace('#[^a-z0-9]#i', '', $_SESSION['password']);
    // Verify the user
    $user_ok = evalLoggedUser($log_id, $log_username, $log_password);
} else {
    // Cookie branch: no session, so rebuild it from the id/user/pass cookies.
    if (isset($_COOKIE["id"]) && isset($_COOKIE["user"]) && isset($_COOKIE["pass"])) {
        // Session expired (or was never set): repopulate it from the cookies.
        // NOTE(review): the session is written from client-supplied cookies before
        // evalLoggedUser() has accepted them; if verification fails the values stay
        // in $_SESSION. Safer to assign the session only when $user_ok is true.
        $_SESSION['userid'] = preg_replace('#[^0-9]#', '', $_COOKIE['id']);
        $_SESSION['username'] = preg_replace('#[^a-z0-9]#i', '', $_COOKIE['user']);
        $_SESSION['password'] = preg_replace('#[^a-z0-9]#i', '', $_COOKIE['pass']);
        $log_id = $_SESSION['userid'];
        $log_username = $_SESSION['username'];
        $log_password = $_SESSION['password'];
        // Verify the user
        $user_ok = evalLoggedUser($log_id, $log_username, $log_password);
        if ($user_ok == true) {
            // Update their lastlogin datetime field
            // NOTE(review): mysql_query() belongs to the ext/mysql API that was
            // removed in PHP 7.0; this needs mysqli or PDO, ideally with a bound
            // parameter instead of the interpolated (digits-only) $log_id.
            $sql = "UPDATE users SET last_login=now() WHERE id='{$log_id}' LIMIT 1";
            $query = mysql_query($sql);
        }
    }
}
// Excerpt starts inside a function body (presumably evalLoggedUser(); its
// signature is not shown). It looks up a user row by id, email and password.
// NOTE(review): the statement is assembled by string interpolation and relies
// on the callers below having filtered or escaped $id and $e. A prepared
// statement (mysqli_prepare + mysqli_stmt_bind_param) removes that dependency.
// The password literal appears masked in this excerpt.
$sql = "SELECT * FROM users WHERE id='{$id}' AND email='{$e}' AND password='******'";
// AND activated='1'
// (the activation filter is commented out, so this query does not check it)
$result = mysqli_query($conx, $sql);
$numrows = $result->num_rows;
// True when at least one row matched; otherwise control falls off the end of
// the function, so callers receive null rather than false.
if ($numrows > 0) {
    return true;
}
}

// Session branch: re-verify the identity stored in the session on this request.
if (isset($_SESSION["userid"]) && isset($_SESSION["email"]) && isset($_SESSION["password"])) {
    $log_id = preg_replace('#[^0-9]#', '', $_SESSION['userid']);
    // NOTE(review): in the cookie branch the email is escaped before it is stored
    // in the session, so on later requests it is escaped a second time here. For
    // values containing quote or backslash characters the two forms differ — confirm.
    $log_email = mysqli_real_escape_string($db_conx, $_SESSION['email']);
    $log_password = preg_replace('#[^a-z0-9]#i', '', $_SESSION['password']);
    // Verify the user
    $user_ok = evalLoggedUser($db_conx, $log_id, $log_email, $log_password);
} else {
    // Cookie branch: no session, so rebuild it from the id/email/pass cookies.
    if (isset($_COOKIE["id"]) && isset($_COOKIE["email"]) && isset($_COOKIE["pass"])) {
        // NOTE(review): the session is written from client-supplied cookies before
        // evalLoggedUser() has accepted them; if verification fails the values stay
        // in $_SESSION. Safer to assign the session only when $user_ok is true.
        $_SESSION['userid'] = preg_replace('#[^0-9]#', '', $_COOKIE['id']);
        $_SESSION['email'] = mysqli_real_escape_string($db_conx, $_COOKIE['email']);
        $_SESSION['password'] = preg_replace('#[^a-z0-9]#i', '', $_COOKIE['pass']);
        $log_id = $_SESSION['userid'];
        $log_email = $_SESSION['email'];
        $log_password = $_SESSION['password'];
        // Verify the user
        $user_ok = evalLoggedUser($db_conx, $log_id, $log_email, $log_password);
        if ($user_ok == true) {
            // Update their lastlogin datetime field
            // $log_id was reduced to digits above, which is what keeps this
            // interpolated UPDATE well-formed; a bound parameter would be sturdier.
            $sql = "UPDATE users SET lastlogin=now() WHERE id='{$log_id}' LIMIT 1";
            $query = mysqli_query($db_conx, $sql);
        }
    }
}
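<?php
session_start();
include_once 'php_inc/connect.php';

// Login state exposed to the including page. Everything stays at these
// defaults unless the session check at the bottom succeeds.
$log_login_status = false;
$log_logid = "";
$log_uname = "";
$log_password = "";
$log_utype = "";

/**
 * Check whether a user row matches the given login id, password and user type.
 *
 * The lookup uses a prepared statement so the values are never spliced into
 * the SQL text, whatever filtering the caller did or did not apply. The
 * excerpt this was written from shows the password value masked in the query;
 * $pass is bound on the assumption that it was the value being compared.
 *
 * NOTE(review): the password is compared inside SQL, so the session value is
 * presumably a stored hash. If it is a plaintext password, move to
 * password_hash()/password_verify() — confirm against the login code.
 *
 * @param mysqli $con   Open database connection.
 * @param string $logid Login id to look up.
 * @param string $uname Unused; kept so existing callers keep working.
 * @param string $pass  Password value to match against the `password` column.
 * @param string $ut    User type to match against the `utype` column.
 * @return bool True when at least one row matches, false otherwise.
 */
function evalLoggedUser($con, $logid, $uname, $pass, $ut)
{
    $stmt = mysqli_prepare(
        $con,
        'SELECT 1 FROM users WHERE logid = ? AND password = ? AND utype = ? LIMIT 1'
    );
    if ($stmt === false) {
        // Prepare failed (and mysqli is not in exception mode): not logged in.
        return false;
    }

    mysqli_stmt_bind_param($stmt, 'sss', $logid, $pass, $ut);

    $found = false;
    if (mysqli_stmt_execute($stmt)) {
        // Buffer the result so the row count is available.
        mysqli_stmt_store_result($stmt);
        $found = mysqli_stmt_num_rows($stmt) > 0;
    }
    mysqli_stmt_close($stmt);

    // Always an explicit bool; the earlier version returned null on no match.
    return $found;
}

if (isset($_SESSION['logid']) && isset($_SESSION['uname']) && isset($_SESSION['password']) && isset($_SESSION['utype'])) {
    // NOTE(review): these patterns have no `i` flag, so upper-case characters are
    // stripped as well — confirm the stored values are lower-case only.
    $log_logid = preg_replace('#[^a-z0-9]#', '', $_SESSION['logid']);
    //~ $log_uname = preg_replace('#[^a-z0-9]#', '', $_SESSION['uname']);
    $log_password = preg_replace('#[^a-z0-9]#', '', $_SESSION['password']);
    $log_utype = preg_replace('#[^a-z0-9]#', '', $_SESSION['utype']);
    // $con is not defined in this file; presumably php_inc/connect.php provides it.
    $log_login_status = evalLoggedUser($con, $log_logid, $log_uname, $log_password, $log_utype);
} else {
    // No complete session: $log_login_status stays false and the including
    // page decides what to do with an anonymous visitor.
}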
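// Establish $user_ok for this request from the session or, failing that, from
// the id/password/userType cookies. evalLoggedUser() and $db_conx are defined
// outside this excerpt.
if (isset($_SESSION["userid"]) && isset($_SESSION["password"]) && isset($_SESSION["userType"])) {
    // Session branch: re-verify the stored identity on every request.
    $log_id = preg_replace('#[^a-z0-9]#i', '', $_SESSION['userid']);
    $log_password = preg_replace('#[^a-z0-9]#i', '', $_SESSION['password']);
    $log_userType = preg_replace('#[^a-z0-9]#i', '', $_SESSION['userType']);
    // Verify the user
    $user_ok = evalLoggedUser($db_conx, $log_id, $log_password, $log_userType);
} elseif (isset($_COOKIE["id"]) && isset($_COOKIE["password"]) && isset($_COOKIE["userType"])) {
    // Cookie branch: the values come straight from the client, so they are
    // filtered and verified first and only then promoted into the session.
    $log_id = preg_replace('#[^a-z0-9]#i', '', $_COOKIE['id']);
    $log_password = preg_replace('#[^a-z0-9]#i', '', $_COOKIE['password']);
    $log_userType = preg_replace('#[^a-z0-9]#i', '', $_COOKIE['userType']);
    // Verify the user
    $user_ok = evalLoggedUser($db_conx, $log_id, $log_password, $log_userType);
    if ($user_ok) {
        // Writing the session after a successful check keeps unverified cookie
        // data out of $_SESSION, where other code may trust it without
        // re-running evalLoggedUser().
        $_SESSION['userid'] = $log_id;
        $_SESSION['password'] = $log_password;
        $_SESSION['userType'] = $log_userType;
        $_SESSION['pic_id'] = "";
    }
}
// NOTE(review): the "password" cookie acts as a long-lived credential —
// presumably a stored hash; confirm it stops working after a password change
// and that the cookie is set with the HttpOnly and Secure flags.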
// Login-page preamble: work out whether the visitor is already authenticated,
// redirect if so, otherwise start handling the posted login form. The excerpt
// ends inside the form-validation `if`, whose body is not shown.
$user_ok = false;
$log_username = "";
$log_password = "";
if (isset($_SESSION["user"]) && isset($_SESSION["pass"])) {
    $log_username = preg_replace('#[^a-z0-9]#i', '', $_SESSION['user']);
    $log_password = preg_replace('#[^a-z0-9]#i', '', $_SESSION['pass']);
    // Verify the user
    $user_ok = evalLoggedUser($db_connect, $log_username, $log_password);
} else {
    if (isset($_COOKIE["user"]) && isset($_COOKIE["pass"])) {
        // NOTE(review): the session is written from client-supplied cookies before
        // evalLoggedUser() has accepted them; if verification fails the values stay
        // in $_SESSION. Safer to assign the session only when $user_ok is true.
        $_SESSION['user'] = preg_replace('#[^a-z0-9]#i', '', $_COOKIE['user']);
        $_SESSION['pass'] = preg_replace('#[^a-z0-9]#i', '', $_COOKIE['pass']);
        $log_username = $_SESSION['user'];
        $log_password = $_SESSION['pass'];
        // Verify the user
        // NOTE(review): `$db_connnect` (three n's) differs from `$db_connect` used
        // in the session branch above — looks like a typo, which would hand
        // evalLoggedUser() an undefined variable on the cookie path; confirm.
        $user_ok = evalLoggedUser($db_connnect, $log_username, $log_password);
    }
}
// If user is already logged in, redirect
if ($user_ok == true) {
    // NOTE(review): output is echoed before header(); unless output buffering is
    // on, the headers are already sent and the redirect will not happen.
    echo "saved okk";
    header("location: ?u=" . $_SESSION["user"]);
    // redirect to the appropriate user page
    exit;
}
if (isset($_POST["username"])) {
    // GATHER THE POSTED DATA INTO LOCAL VARIABLES AND SANITIZE
    // NOTE(review): despite the heading, $username is taken from the request
    // unchanged. The password is reduced to an unsalted MD5 digest, which is not
    // suitable for password storage; password_hash()/password_verify() are the
    // replacement, though that requires migrating the stored values.
    $username = $_POST['username'];
    $password = md5($_POST['password']);
    // FORM DATA ERROR HANDLING
    // NOTE(review): md5() of an empty string is still a 32-character digest, so
    // the `$password == ""` test can never be true; an empty password field is
    // not caught here.
    if ($username == "" || $password == "") {
// Excerpt starts inside a function body (presumably evalLoggedUser(); its
// signature is not shown). It looks up an activated user row by id and password.
// NOTE(review): the statement is assembled by string interpolation. The callers
// below strip $id with preg_replace first, but a prepared statement
// (mysqli_prepare + mysqli_stmt_bind_param) would not depend on every caller
// doing that. The password literal appears masked in this excerpt.
$sql = "SELECT ip FROM table_users WHERE id='{$id}' AND password='******' AND activated='1' LIMIT 1";
$query = mysqli_query($conx, $sql);
$numrows = mysqli_num_rows($query);
// True when at least one row matched; otherwise control falls off the end of
// the function, so callers receive null rather than false.
if ($numrows > 0) {
    return true;
}
}

// Session branch: re-verify the identity stored in the session on this request.
if (isset($_SESSION["userid"]) && isset($_SESSION["password"])) {
    $att_id = preg_replace('#[^0-9]#', '', $_SESSION['userid']);
    $att_password = preg_replace('#[^a-z0-9]#i', '', $_SESSION['password']);
    // Verify the user
    $profile_ok = evalLoggedUser($db_conx, $att_id, $att_password);
    // $log_id is only assigned once the attempted id has been verified.
    if ($profile_ok == true) {
        $log_id = $att_id;
    }
} else {
    // Cookie branch: no session, so rebuild it from the id/pass cookies.
    if (isset($_COOKIE["id"]) && isset($_COOKIE["pass"])) {
        // NOTE(review): unlike $log_id, the session itself is written from the
        // client-supplied cookies before evalLoggedUser() has accepted them; if
        // verification fails the values stay in $_SESSION. Safer to assign the
        // session inside the `$profile_ok == true` block below.
        $_SESSION['userid'] = preg_replace('#[^0-9]#', '', $_COOKIE['id']);
        $_SESSION['password'] = preg_replace('#[^a-z0-9]#i', '', $_COOKIE['pass']);
        $att_id = $_SESSION['userid'];
        $att_password = $_SESSION['password'];
        // Verify the user
        $profile_ok = evalLoggedUser($db_conx, $att_id, $att_password);
        if ($profile_ok == true) {
            $log_id = $att_id;
            // Update their lastlogin datetime field
            // $att_id was reduced to digits above, which is what keeps this
            // interpolated UPDATE well-formed; a bound parameter would be sturdier.
            $sql = "UPDATE table_users SET lastlogin=now() WHERE id='{$att_id}' LIMIT 1";
            $query = mysqli_query($db_conx, $sql);
        }
    }
}