Exemplo n.º 1
0
 $db = new DBObject(CURRENT_DB);
 //	$username = $db->escape($_POST['username']);
 $username = $_POST['username'];
 //	$sql = "SELECT * FROM userinfo WHERE userpass = '******' AND username = '******'";
 $sql = "SELECT * FROM userinfo WHERE username = ?username:s";
 $time = rand(1000 * 1000, 1000 * 500);
 usleep($time);
 //	$query = $db->prepare($sql);
 //	error_log('query from login: '******'s', $username);
 $db->prepare($sql);
 $db->bind(array("username" => $username));
 $json['status'] = 1;
 $json['response'] = 'Invalid username/password!';
 foreach ($db->execute() as $row) {
     if ($db->getNumrows() > 1) {
         $json['status'] = 3;
         $json['response'] = 'Duplicate username detected! Please clean the database.';
         die(json_encode($json));
     }
     if ($row['status']) {
         $timestamp = Crypto::create_timestamp($row['regdate']);
         $hashpass = Crypto::encrypt_password($_POST['userpass'], $timestamp[0]);
         error_log($hashpass);
         error_log($row['userpass']);
         if ($hashpass === $row['userpass']) {
             $json['status'] = 0;
             $json['response'] = "Welcome back, {$row['username']}!";
         }
     } else {
         $json['status'] = 2;