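/**
 * Handle a submitted login form.
 *
 * Reads `email` and `pass` from $_POST, applies a 10-minute lockout based on
 * recent failed attempts from this IP or against this email, checks the
 * configured super-admin credentials, and finally validates against the
 * `users` table. Every outcome is recorded via log_attempt(). On success the
 * caller is logged in and redirected; on failure the form is shown again with
 * an alert.
 *
 * Changes versus the previous revision:
 *  - missing POST keys default to '' instead of raising notices;
 *  - the lockout triggers on the 10th failure, as the policy comment states
 *    (the old `> 10` allowed an 11th guess);
 *  - the super-admin hash is compared with hash_equals() in constant time and
 *    an unset/empty configured hash can never match.
 *
 * @return void
 */
function process_login_form() {
    $email = strtolower($_POST['email'] ?? '');
    $passhash = hash_pass($email, $_POST['pass'] ?? '');

    // Check to see if the user/ip is temporarily banned:
    // A login is refused when 10 unsuccessful attempts have been made within the
    // last 10 minutes from this IP *or* against this email, regardless of whether
    // any successful attempts were made in between.
    // NOTE(review): the email half of the condition is keyed on the
    // attacker-supplied address, so anyone can lock a victim out for 10 minutes
    // by submitting 10 bad passwords for that address. Blocked attempts are
    // themselves logged as failures below, which extends the window.
    $attempts = DBExt::queryCount(
        'login_attempts',
        array(
            'successful=0',
            '(remote_ip=%s OR email=%s)',
            DBExt::timeInInterval('request_time', '-10m', ''),
        ),
        $_SERVER['REMOTE_ADDR'],
        $email
    );
    if ($attempts >= 10) {
        log_attempt($email, false);
        alert('You have been temporarily locked out. Please wait 10 minutes before attempting to sign in again.', -1);
        show_login_form('');
        return;
    }

    // Check for super-user login:
    // (the account LHSMATH and password set in CONFIG)
    if ($email === 'lhsmath') {
        global $LHSMATH_PASSWORD;
        // $LHSMATH_PASSWORD is pre-hashed. hash_equals() compares in constant
        // time so the response does not reveal how many leading bytes matched,
        // and an unset or empty configured value must never authenticate.
        if (is_string($LHSMATH_PASSWORD)
            && $LHSMATH_PASSWORD !== ''
            && hash_equals($LHSMATH_PASSWORD, (string) $passhash)
        ) {
            log_attempt('LHSMATH', true);
            // Replace whatever session the visitor arrived with by a fresh one
            // so a pre-planted session ID is not promoted to super-admin.
            // NOTE(review): session_destroy() warns if no session is active —
            // this assumes the caller already started one; confirm.
            session_destroy();
            session_name('Session');
            session_start();
            session_regenerate_id(true);
            $_SESSION['user_name'] = 'LHSMATH Super-Admin';
            $_SESSION['permissions'] = '+';
            $_SESSION['login_time'] = time();
            $_SESSION['user_id'] = '-999';
            header('Location: ' . URL::root() . '/Admin/Super_Admin');
            die;
        }
    }

    // Validate credentials. Both values go through the DB wrapper's %s
    // placeholders; the stored hash is matched inside the query, so the
    // failure message below is the same whether the email exists or not.
    $id = DB::queryFirstField(
        'SELECT id FROM users WHERE LOWER(email)=%s AND passhash=%s LIMIT 1',
        $email,
        $passhash
    );
    if (is_null($id)) {
        log_attempt($email, false);
        show_login_form($email);
        alert('Incorrect email address or password', -1);
        return;
    }

    // ** CREDENTIALS ARE VALIDATED AT THIS POINT ** //
    log_attempt($email, true);
    // NOTE(review): set_login_data() is expected to regenerate the session ID
    // on this privilege change (the super-admin path above does so
    // explicitly) — verify it does.
    set_login_data($id);
    alert('Logged in!', 1);

    // If this page was being included, redirect back to the including page;
    // otherwise to Home. No die here: callers appear to rely on control
    // returning after the redirect header is set.
    global $being_included;
    if ($being_included) {
        header('Location: ' . $_SERVER['REQUEST_URI']);
    } else {
        header('Location: ../Home');
    }
}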
header("Location: {$URL}"); die; } else { header('Location: index.php'); die; } } else { log_attempt($UserID); if ($Enabled == 2) { header('location:login.php?action=disabled'); } elseif ($Enabled == 0) { $Err = 'Your account has not been confirmed.<br />Please check your email.'; } setcookie('keeplogged', '', time() + 60 * 60 * 24 * 365, '/', '', false); } } else { log_attempt($UserID); $Err = 'Your username or password was incorrect.'; setcookie('keeplogged', '', time() + 60 * 60 * 24 * 365, '/', '', false); } } else { log_attempt($UserID); setcookie('keeplogged', '', time() + 60 * 60 * 24 * 365, '/', '', false); } } else { log_attempt('0'); setcookie('keeplogged', '', time() + 60 * 60 * 24 * 365, '/', '', false); } } require 'sections/login/login.php'; }
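// configuration
require "../includes/config.php";

// Login handler. On POST: validate the submitted username/password against the
// stored password_hash() value, enforce a simple per-account lockout, record
// the attempt, and start an authenticated session. On any other method:
// render the form. apologize() is assumed to terminate the request, since the
// code below relies on not continuing after it.
//
// Changes versus the previous revision:
//  - a password (or username) of "0" is no longer rejected as "missing"
//    (empty() treats "0" as empty);
//  - the session ID is regenerated after a successful login (session fixation);
//  - strict comparison for the request method.
if ($_SERVER["REQUEST_METHOD"] === "POST") {
    // validate submission — test for absent or blank, not empty(), so that a
    // legitimate value of "0" is accepted
    if (!isset($_POST["username"]) || $_POST["username"] === "") {
        apologize("You must provide your username.");
    }
    if (!isset($_POST["password"]) || $_POST["password"] === "") {
        apologize("You must provide your password.");
    }

    // if we found user, check password
    if ($user = get_user($_POST["username"])) {
        // Per-account lockout after 3 recorded failures.
        // NOTE(review): this message differs from the generic
        // "Invalid username and/or password." below and therefore confirms
        // that the username exists; consider using the same wording for both.
        if ($user["failed_logins"] >= 3) {
            apologize("account locked");
        }

        // Record the attempt (success or failure) before acting on it so a
        // failed guess is counted even if the response is interrupted.
        $success = password_verify($_POST["password"], $user["password"]);
        log_attempt($user, $_SERVER["REMOTE_ADDR"], $success);

        if ($success) {
            // remember that the user is now logged in
            session_start();
            // Issue a fresh session ID on this privilege change so an ID the
            // visitor carried in before login cannot be reused by a third
            // party who planted it (session fixation).
            session_regenerate_id(true);
            // NOTE(review): $user as returned by get_user() carries the
            // password hash (it is read above); storing the whole row keeps
            // that hash in session storage — consider storing only the id.
            $_SESSION["user"] = $user;

            // redirect to homepage
            redirect("home.php");
        }
    }

    // else apologize — same message for unknown user and wrong password
    apologize("Invalid username and/or password.");
} else {
    // else render form
    render("login_form.php", ["title" => "Log In"]);
}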