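/**
 * Look up the POSTed username, issue a new session id for that user,
 * set the login cookies and redirect to the members area.
 *
 * Reads $_POST['username']. On success it updates users.lastLogon and
 * users.session_id, calls setCookies() and logLogin(), and sends a
 * Location header. On a database failure it terminates the script.
 *
 * NOTE(review): no password or other credential is checked in this function;
 * presumably the caller has already authenticated the user. Confirm against
 * the caller before relying on it.
 */
function loginUser() {
    // A missing form field is treated as an empty username instead of raising a notice.
    $username = isset($_POST['username']) ? $_POST['username'] : '';

    // checks it against the database
    // The username value inside the two SQL strings below is masked ('******')
    // in this listing and is kept exactly as shown.
    // NOTE(review): if the real statements interpolate $username, that is string-built
    // SQL on untrusted input. The mysql_* extension has no bound parameters and was
    // removed in PHP 7, so the durable fix is mysqli or PDO prepared statements.
    $query = "SELECT * FROM users WHERE username = '******'";
    $check = mysql_query($query);
    if (!$check) {
        // Driver error text can expose table and column names, so it goes to the
        // server log and the client only sees a generic message.
        error_log('loginUser: user lookup failed: ' . mysql_error());
        die('ERROR: Database error. Please contact the administrator');
    }

    if ($info = mysql_fetch_array($check)) {
        // NOTE(review): rand_string() is defined elsewhere; confirm it draws from a
        // CSPRNG, because this value is the bearer token for the session.
        $sessionId = rand_string(32);

        // update lastLogon & session id
        $now = date('c');
        $update = "UPDATE users SET lastLogon='{$now}', session_id='{$sessionId}' WHERE username='******'";
        if (!mysql_query($update)) {
            error_log('loginUser: session update failed: ' . mysql_error());
            die('ERROR: Database error. Please contact the administrator');
        }

        $hashUsername = $info['sha256_user'];

        // if login is ok then we add a cookie
        setCookies($hashUsername, $sessionId);
        // The original drew a second rand_string(32) here and never used it;
        // that dead assignment has been dropped.
        logLogin($hashUsername);

        //then redirect them to the members area
        // NOTE(review): execution continues in the caller after this header is queued;
        // confirm the caller stops before producing any further output.
        header('Location: main.php');
    } else {
        dieError("ERROR: Cannot find user record in database. Please contact the administrator");
    }
}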
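<?php
require "system/shared.php";

// Submitted credentials. A missing field is treated as empty, so it fails the
// non-empty check below instead of raising an undefined-index notice.
// NOTE(review): FILTER_SANITIZE_STRING is deprecated as of PHP 8.1. The username only
// reaches SQL through a bound parameter in logLogin(); confirm what User::getUser()
// does with it before replacing the filter.
$username = filter_var(isset($_POST["user"]) ? $_POST["user"] : "", FILTER_SANITIZE_STRING);
$password = isset($_POST["pass"]) ? $_POST["pass"] : "";

/**
 * Record one login attempt in the `logins` table.
 *
 * The row holds the client address from $_SERVER['REMOTE_ADDR'], the username as
 * submitted, a 1/0 success flag and the database's NOW().
 *
 * NOTE(review): REMOTE_ADDR is the directly connected peer; behind a reverse proxy
 * every row would carry the proxy's address. Failed attempts store whatever was typed
 * into the username field, which can include a mistyped password, so read access to
 * this table should be restricted.
 *
 * @param string $username Username as submitted (or the account name on success).
 * @param bool   $success  Whether the attempt authenticated.
 */
function logLogin($username, $success) {
    $db = Database::getInstance();
    $ip = $_SERVER['REMOTE_ADDR'];
    $stmt = $db->prepare("INSERT INTO logins (`ip`, `username`, `success`, `datetime`) VALUES (?, ?, ?, NOW())");
    // bind_param() takes its arguments by reference, so the flag is normalised into a variable first.
    $success = $success ? 1 : 0;
    $stmt->bind_param("ssi", $ip, $username, $success);
    $db->insert($stmt);
}

if ($username != "" && $password != "") {
    // presumably User::getUser() verifies the password and returns NULL on a mismatch;
    // confirm against its definition
    $user = User::getUser($username, $password);
    if ($user != NULL) {
        // Replace the pre-login session id so an id planted before authentication
        // (session fixation) does not become an authenticated session.
        // Skipped when no session is active.
        if (session_id() !== "") {
            session_regenerate_id(true);
        }
        $_SESSION["AUTH_USER_NAME"] = $user->username;
        $_SESSION["AUTH_FROM_IP"] = $_SERVER['REMOTE_ADDR'];
        logLogin($user->username, true);
        sleep(1);
        header("Location: ./member_start.php");
        die;
    } else {
        logLogin($username, false);
        // The random delay slows sequential guessing on one connection only; it does
        // not limit parallel requests. The logins table is the natural input for a
        // per-address or per-account throttle.
        sleep(rand(1, 5));
        header("Location: ./?errmsg=loginfailure");
        // Stop here. The original fell through to the block below and wrote a second
        // failure row for the same attempt.
        die;
    }
}

// Reached only when the username or password was empty.
logLogin($username, false);
header("Location: ./?errmsg=loginfailure");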
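/**
 * Mark the current session as logged in for $username and record the login.
 *
 * Writes $_SESSION['user'] and $_SESSION['loginIdentifier'], then calls logLogin().
 *
 * NOTE(review): presumably called only after the credentials have been verified;
 * confirm against the caller.
 *
 * @param string $username Account name to store in the session.
 */
function setSession($username) {
    // Issue a fresh session id at the moment of login, so an id set before
    // authentication (session fixation) is not carried into the authenticated
    // session. Skipped when no session is active.
    if (session_id() !== '') {
        session_regenerate_id(true);
    }

    $_SESSION['user'] = $username;
    $_SESSION['loginIdentifier'] = 1;
    logLogin();
}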