//sessions security check $strTimeInterval = $_SESSION['last_post'] + SECURITY_LOGIN_WAIT_SECONDS; $intTime = $strTimeInterval - time(); if (isset($_SESSION['ip']) && $_SESSION['last_post'] + SECURITY_LOGIN_WAIT_SECONDS > time()) { die('slow down.... wait ' . $intTime . ' more seconds please.'); } //Get Form Post Data $username = funct_GetandCleanVariables($_POST['email']); $password = funct_GetandCleanVariables($_POST['password']); $strReturnURL = funct_GetandCleanVariables($_POST["returnurl"]); //$remember = stripslashes($_POST["remember"]); //echo "username = "******"<br>"; echo "password = "******"<br>"; if ($username and $password) { if (PASSWORD_ENCRYPT) { //encrypt password $intUserID = functConfirmUserPass_hash($username, $password); } else { $intUserID = functConfirmUserPass($username, $password); } //echo "functConfirmUserPass - intUserID = " . $intUserID . "<br>"; $errorMSG = ""; //Default login is good if (!$intUserID) { //username failure $errorMSG = "we could not find your user record... may be a database issue. admin has been emailed"; } //If logging too fast if ($intUserID == "toofast") { //username failure $errorMSG = "logging in too fast"; }
if ($strWhereSQL) { $query = "SELECT * FROM " . TBL_USERS . " WHERE id_code = '" . DETECT_USERIDCODE . "'"; //echo "SQL STMNT = " . $query . "<br>"; $rs = mysqli_query($DB_LINK, $query) or die(mysqli_error()); $row = mysqli_fetch_array($rs); $strPasswordDB = $row["password"]; $strEmail = $row["email"]; $intUserID_DB = $row["id"]; } if (!$intUserID_DB) { echo "no such user found"; die; } //we use this function because it checks for hashed password or unhashed cleartext password and updates the password to secure has if it is not hashed //echo "pass db - $strPasswordDB / pass= "******"<br>"; $intUserIDreturn = functConfirmUserPass_hash($strEmail, $strPassword); //this returns the userid if it is good //echo "returns $strEmail - $intUserID_DB / id= ".$intUserIDreturn."<br>"; //if(password_verify($password, $strPassword_DB)){$strPasswordGood = "ok";} if ($intUserID_DB == $intUserIDreturn) { echo "ok"; } else { echo "wrong password"; } } //!$strDo sendcrypto if ($strDo == "sendcrypto") { if (!SEND_ACTIVE) { die('Sending temporarily disabled.'); } $Form_PageFrom = funct_GetandCleanVariables($_POST['page']);