function login($data)
{
$email = mysql_real_escape_string($data->email);
$password = mysql_real_escape_string($data->password);
if (!empty($email) && !empty($password)) {
$result = mysql_query("SELECT * FROM users WHERE email = '{$email}'") or die(mysql_error());
// check for result
$no_of_rows = mysql_num_rows($result);
if ($no_of_rows > 0) {
$result = mysql_fetch_array($result);
$salt = $result['salt'];
$uuid = $result['unique_id'];
$encrypted_password = $result['encrypted_password'];
$hash = checkhashSSHA($salt, $password);
// check for password equality
if ($encrypted_password == $hash) {
// user authentication details are correct
return array("unique_id" => $uuid, "msg" => "details are correct", "status" => "success");
} else {
// user not found
return array("msg" => "details are not correct", "status" => "failure");
}
} else {
// user not found
return array("msg" => "user not found", "status" => "failure");
}
} else {
return array("msg" => "Fill the Details", "status" => "failure");
}
}
$hash = base64_encode(sha1($password . $salt, true) . $salt);
return $hash;
}
session_start();
include "connect.php";
if (!empty($_REQUEST)) {
$data = json_decode($_POST["data"]);
$username = trim($data->username);
$password = trim($data->password);
$sql = "SELECT * FROM users WHERE username='******'";
$result = mysqli_query($link, $sql);
if ($result) {
$row = mysqli_fetch_assoc($result);
$salt = $row['salt'];
$encrypted_password = $row['password'];
$hash = checkhashSSHA($salt, $password);
//echo $encrypted_password." == ". $hash;
//die();
if ($encrypted_password == $hash) {
$SKey = uniqid(mt_rand(), true);
$timestamp = date("Y-m-d H:m:i");
$_SESSION["userid"] = $row["id"];
$_SESSION["username"] = $row['username'];
$_SESSION['userAgent'] = sha1($_SERVER['HTTP_USER_AGENT']);
$_SESSION['SKey'] = $SKey;
$_SESSION['IPaddress'] = $_SERVER["REMOTE_ADDR"];
$_SESSION['LastActivity'] = $_SERVER['REQUEST_TIME'];
echo json_encode(array('result' => true, 'msg' => "Login successfully."));
} else {
echo json_encode(array('result' => false, 'msg' => "Error."));
}
} catch (PDOException $e) {
echo $e->getMessage();
}
if (isset($_POST['username'], $_POST['password'], $_POST['captcha']) && !empty($_POST['username']) && !empty($_POST['password']) && !empty($_POST['captcha'])) {
if (isset($_SESSION['captcha']) && $_POST['captcha'] == $_SESSION['captcha']) {
$username = escape($_POST['username']);
$password = $_POST['password'];
$sql = "select * from user where username=:user and permission!='admin'";
$stmt = $pdo->prepare($sql);
$stmt->bindValue(':user', $username, PDO::PARAM_STR);
$stmt->execute();
if ($stmt->rowCount() == 1) {
$user = $stmt->fetch(PDO::FETCH_OBJ);
$salt = $user->salt;
$encPassword = $user->password;
if (checkhashSSHA($salt, $password) == $encPassword) {
session_regenerate_id(true);
$_SESSION['login'] = true;
$_SESSION['name'] = $user->lname . ' ' . $user->fname;
$_SESSION['fname'] = $user->fname;
$_SESSION['lname'] = $user->lname;
$_SESSION['username'] = $user->username;
$_SESSION['userId'] = $user->id;
$_SESSION['f_id'] = $user->f_id;
$_SESSION['permission'] = $user->permission;
$_SESSION['token'] = token(20, TOKEN_KEY);
/*************************************/
$url = url('/welcome.php');
$header = 'HTTP/1.1 200 OK';
header($header);
header("Location: {$url}");
function LoginUtility($email, $pwd, $table, $emailCol, $pwdCol)
{
$resp = "-1";
try {
$query = "select * from " . $table . " where " . $emailCol . "='{$email}'";
$rs = mysql_query($query);
if (!$rs) {
$resp = "-1";
} else {
$no = mysql_num_rows($rs);
if ($no > 0) {
$res = mysql_fetch_array($rs);
$salt = $res["Salt"];
$hash = checkhashSSHA($salt, $pwd);
// check for password equality
if ($res[$table . "Pwd"] == $hash) {
$resp = "1";
// set the global cookie here in PHP.
// setcookie("globalEmail", $res[$table . "Email"], time() + (86400 * 30), "/");
// setcookie("globalID", $res[$table . "ID"], time() + (86400 * 30), "/");
$_SESSION["globalEmail"] = $res[$table . "Email"];
$_SESSION["globalId"] = $res[$table . "ID"];
} else {
$resp = "0";
}
}
}
return $resp;
} catch (Exception $e) {
$resp = "-1";
return $resp;
}
}
function chpassword($pdo)
{
if (!empty($_POST['npass']) && !empty($_POST['cpass'])) {
$sql = "select salt,password from user where id=:userId";
$stmt = $pdo->prepare($sql);
$stmt->bindvalue(':userId', $_SESSION['userId'], PDO::PARAM_INT);
$stmt->execute();
if ($stmt->rowCount()) {
$user = $stmt->fetch(PDO::FETCH_ASSOC);
$salt = $user['salt'];
$encPassword = $user['password'];
if (checkhashSSHA($salt, $_POST['cpass']) == $encPassword) {
$nps = preg_replace('/\\s*/', '', $_POST['npass']);
$nps = preg_replace('/\\/*/', '', $nps);
if (mb_strlen($nps, 'UTF-8') >= 8) {
$password = hashSSHA($_POST['npass']);
$sql = "update user set salt=:s,password=:p";
$stmt = $pdo->prepare($sql);
$stmt->bindvalue(':s', $password['salt'], PDO::PARAM_STR);
$stmt->bindvalue(':p', $password['encrypted'], PDO::PARAM_STR);
$stmt->execute();
}
}
}
}
redirect(BASE_PATH . '/me', 1);
}
$uuid = "";
function checkhashSSHA($salt, $password)
{
$hash = base64_encode(sha1($password . $salt, true) . $salt);
return $hash;
}
if ($exists > 0) {
while ($row = mysqli_fetch_array($query)) {
$table_users = $row['email'];
// the first username row is passed on to $table_users, and so on until the query is finished
$encrypted_password = $row['password'];
// the first password row is passed on to $table_password, and so on until the query is finished
$username = $row['fname'];
$salt = $row['salt'];
$uuid = $row['uuid'];
$table_password = checkhashSSHA($salt, $password);
}
if ($email == $table_users) {
if ($encrypted_password == $table_password) {
$_SESSION['user'] = $username;
//set the username in a session. This serves as a global variable
$_SESSION['writer'] = $uuid;
header("location: index.php");
// redirects the user to the authenticated home page
} else {
print '<script>alert("Incorrect Password!");</script>';
// Prompts the user
print '<script>window.location.assign("login.php");</script>';
// redirects to login.php
}
} else {
function ChangePassword($email, $oldPassword, $newPassword, $newPasswordConfirm, $table)
{
$resp = "-1";
try {
$query = "select * from " . $table . " where " . $table . "Email='{$email}'";
$rs = mysql_query($query);
if (!$rs) {
$resp = "-1";
} else {
$no = mysql_num_rows($rs);
if ($no > 0) {
$res = mysql_fetch_array($rs);
$salt = $res["Salt"];
$encrypted_password = $res[$table . "Pwd"];
$hash = checkhashSSHA($salt, $oldPassword);
if ($encrypted_password == $hash) {
// old Password matches. Now, update the password here.
$resp = ChangePasswordUtility($email, $newPassword, $table);
} else {
$resp = "0";
}
}
}
echo $resp;
} catch (Exception $e) {
$resp = "-1";
echo $resp;
}
}
/**
* Decrypting password
* @param salt, password
* returns hash string
*/
function isAllowAccessPwd($password)
{
$ci =& get_instance();
$where = array('ID' => getUserId());
$sql = $ci->common_model->getRecords($ci->common_model->_loginTable, $where, "s");
$salt = $sql['salt'];
$encrypted_password = $sql['password'];
$hash = checkhashSSHA($salt, $password);
return $encrypted_password == $hash ? 1 : 0;
}
/**
* Get user by email and password
*/
function getUserByEmailAndPassword($email, $password, $db)
{
$result = $db->query("SELECT * FROM users WHERE email = '{$email}'");
// check for result
if ($result->num_rows > 0) {
$resultArray = $result->fetch_array(MYSQLI_ASSOC);
$salt = $resultArray['salt'];
$encrypted_password = $resultArray['encrypted_password'];
$hash = checkhashSSHA($salt, $password);
// check for password equality
if ($encrypted_password == $hash) {
// user authentication details are correct
return $resultArray;
}
} else {
// user not found
return false;
}
}
