Exemplo n.º 1
                //Hash the password and use the salt from the database to compare the password.
                $entered_pass = generateHash($password, $userdetails["password"]);
                if ($entered_pass != $userdetails["password"]) {
                    //Again, we know the password is at fault here, but lets not give away the combination incase of someone bruteforcing
                    $errors[] = lang("ACCOUNT_USER_OR_PASS_INVALID");
                } else {
                    //Passwords match! we're good to go'
                    //Construct a new logged in user object
                    //Transfer some db data to the session object
                    $loggedInUser = new loggedInUser();
                    $loggedInUser->email = $userdetails["email"];
                    $loggedInUser->user_id = $userdetails["id"];
                    $loggedInUser->hash_pw = $userdetails["password"];
                    $loggedInUser->title = $userdetails["title"];
                    $loggedInUser->displayname = $userdetails["display_name"];
                    $loggedInUser->username = $userdetails["user_name"];
                    //Update last sign in
                    $loggedInUser->updateLastSignIn();
                    $_SESSION["userCakeUser"] = $loggedInUser;
                    //Redirect to user account page
                    header("Location: account.php");
                    die;
                }
            }
        }
    }
}
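// Render the page chrome, any queued error/success messages, then the login form.
require_once "models/header.php";
include "left-nav.php";
echo resultBlock($errors, $successes);
// $_SERVER['PHP_SELF'] can carry client-supplied trailing path info, so it is
// HTML-escaped (ENT_QUOTES, because the action attribute is single-quoted) before
// being written into the markup. Echoing it raw allows reflected script injection.
echo "\r\n<div id='regbox'>\r\n<form name='login' action='" . htmlspecialchars($_SERVER['PHP_SELF'], ENT_QUOTES, 'UTF-8') . "' method='post'>\r\n<p>\r\n<label>Username:</label>\r\n<input type='text' name='username' />\r\n</p>\r\n<p>\r\n<label>Password:</label>\r\n<input type='password' name='password' />\r\n</p>\r\n<p>\r\n<label>&nbsp;</label>\r\n<input type='submit' value='Login' class='submit' />\r\n</p>\r\n</form>\r\n</div>\r\n</div>\r\n<div id='bottom'></div>\r\n</div>\r\n</body>\r\n</html>";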
Exemplo n.º 2
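 /**
  * Login action.
  *
  * Validates the posted username/password. On success it stores a loggedInUser
  * object in the session under 'userCakeUser' and redirects to the account page.
  * On failure the reason is appended to the global $errors array and the
  * 'login' view is rendered.
  *
  * @return void
  */
 public function index()
 {
     /*
     UserCake (Via CupCake) Version: 2.0.2
     http://usercake.com
     */
     global $baseURL;
     require_once "{$baseURL}/application/third_party/user_cake/models/config.php";
     if (!securePage($_SERVER['PHP_SELF'])) {
         die;
     }
     //Prevent the user visiting the logged in page if he/she is already logged in
     if (isUserLoggedIn()) {
         header("Location: " . str_replace('index.php/', '', site_url('account')));
         die;
     }
     //Forms posted
     if (!empty($_POST)) {
         global $errors;
         $errors = array();
         // A missing or non-string field (e.g. "username[]=x") is treated as empty so it
         // fails validation below instead of raising a notice or a TypeError in trim().
         $raw_username = (isset($_POST["username"]) && is_string($_POST["username"])) ? $_POST["username"] : "";
         $raw_password = (isset($_POST["password"]) && is_string($_POST["password"])) ? $_POST["password"] : "";
         $username = sanitize(trim($raw_username));
         $password = trim($raw_password);
         //Perform some validation
         //Feel free to edit / change as required
         if ($username == "") {
             $errors[] = lang("ACCOUNT_SPECIFY_USERNAME");
         }
         if ($password == "") {
             $errors[] = lang("ACCOUNT_SPECIFY_PASSWORD");
         }
         if (count($errors) == 0) {
             //A security note here, never tell the user which credential was incorrect
             if (!usernameExists($username)) {
                 $errors[] = lang("ACCOUNT_USER_OR_PASS_INVALID");
             } else {
                 $userdetails = fetchUserDetails($username);
                 //Hash the password and use the salt from the database to compare the password.
                 $entered_pass = generateHash($password, $userdetails["password"]);
                 // hash_equals() (PHP 5.6+) compares in constant time and byte-for-byte. The loose
                 // "!=" used previously is subject to PHP's numeric-string juggling and can treat
                 // two different hash strings as equal.
                 if (!hash_equals((string) $userdetails["password"], (string) $entered_pass)) {
                     //Again, we know the password is at fault here, but lets not give away the combination incase of someone bruteforcing
                     $errors[] = lang("ACCOUNT_USER_OR_PASS_INVALID");
                 } elseif ($userdetails["active"] == 0) {
                     // The activation state is reported only after the password has been verified,
                     // so the response does not confirm that a username exists to a caller who
                     // does not know its password.
                     $errors[] = lang("ACCOUNT_INACTIVE");
                 } else {
                     //Passwords match! we're good to go'
                     //Construct a new logged in user object
                     //Transfer some db data to the session object
                     $loggedInUser = new loggedInUser();
                     $loggedInUser->email = $userdetails["email"];
                     $loggedInUser->user_id = $userdetails["id"];
                     $loggedInUser->hash_pw = $userdetails["password"];
                     $loggedInUser->title = $userdetails["title"];
                     $loggedInUser->displayname = $userdetails["display_name"];
                     $loggedInUser->username = $userdetails["user_name"];
                     //Update last sign in
                     $loggedInUser->updateLastSignIn();
                     // NOTE(review): no session-ID rotation is visible before the authenticated user
                     // is stored; confirm the session library issues a fresh ID at login so a
                     // pre-login session ID cannot be reused (session fixation).
                     $this->session->set_userdata('userCakeUser', $loggedInUser);
                     //Redirect to user account page
                     header("Location: " . str_replace('index.php/', '', site_url('account')));
                     die;
                 }
             }
         }
     }
     $this->load->view('login');
 }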