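<?php
// login.php — form/AJAX login endpoint.
// Reads loginemail / loginpassword (and the optional rememberme flag) from
// $_POST, checks them against the `users` table through $link (provided by
// connection.php) and echoes either "success" or an HTML alert fragment.
// Side effects: starts and (on success) regenerates the PHP session, may set
// a "rememberme" cookie and insert a row into the `rememberme` table.

// Start session
session_start();
// Connect to the database: provides $link (mysqli connection)
include("connection.php");

// Define error messages
$missingEmail = '<p><strong>Please enter your email address!</strong></p>';
$missingPassword = '<p><strong>Please enter your password!</strong></p>';

// Collect input errors. Initialised explicitly so the concatenation below
// never touches an undefined variable (the original relied on an implicit null).
$errors = '';
$email = '';
$password = '';

if (empty($_POST["loginemail"])) {
    $errors .= $missingEmail;
} else {
    $email = filter_var($_POST["loginemail"], FILTER_SANITIZE_EMAIL);
}
if (empty($_POST["loginpassword"])) {
    $errors .= $missingPassword;
} else {
    // NOTE(review): FILTER_SANITIZE_STRING is deprecated since PHP 8.1 and
    // alters characters such as < and " before the value is hashed. It is
    // kept because stored hashes were presumably produced through the same
    // pipeline at registration — confirm before changing it.
    $password = filter_var($_POST["loginpassword"], FILTER_SANITIZE_STRING);
}

if ($errors !== '') {
    // Print the collected validation errors and stop.
    $resultMessage = '<div class="alert alert-danger">' . $errors . '</div>';
    echo $resultMessage;
} else {
    // NOTE(review): the password is escaped and then hashed with unsalted
    // sha256; that digest is what the stored `password` column must equal.
    // The escape step changes passwords containing quotes or backslashes, so
    // it is preserved for compatibility with existing rows — confirm against
    // the registration code. Migrating to password_hash()/password_verify()
    // is the real fix and needs a rehash of stored values.
    $password = mysqli_real_escape_string($link, $password);
    $passwordHash = hash('sha256', $password);

    // Run query: check the email & password combination exists and is
    // activated. Values are bound as parameters, so $email needs no manual
    // escaping and cannot alter the statement.
    $sql = "SELECT * FROM users WHERE email=? AND password=? AND activation='activated'";
    $stmt = mysqli_prepare($link, $sql);
    if (!$stmt
        || !mysqli_stmt_bind_param($stmt, 'ss', $email, $passwordHash)
        || !mysqli_stmt_execute($stmt)) {
        echo '<div class="alert alert-danger">Error running the query!</div>';
        exit;
    }
    $result = mysqli_stmt_get_result($stmt);
    if (!$result) {
        echo '<div class="alert alert-danger">Error running the query!</div>';
        exit;
    }

    // If email & password don't match, print one generic message so the
    // response does not reveal which of the two was wrong.
    $count = mysqli_num_rows($result);
    if ($count !== 1) {
        echo '<div class="alert alert-danger">Wrong Username or Password</div>';
    } else {
        // Log the user in. A fresh session id is issued first so a session
        // id fixed before authentication cannot be reused afterwards.
        $row = mysqli_fetch_assoc($result);
        session_regenerate_id(true);
        $_SESSION['user_id'] = $row['user_id'];
        $_SESSION['username'] = $row['username'];
        $_SESSION['email'] = $row['email'];

        if (empty($_POST['rememberme'])) {
            // "Remember me" not checked: nothing more to persist.
            echo "success";
        } else {
            // Two random tokens: the first is a lookup key stored as-is, the
            // second is a secret stored only as a sha256 digest, so a leaked
            // rememberme table does not yield usable cookies. random_bytes()
            // is a guaranteed CSPRNG and throws instead of degrading.
            $authentificator1 = bin2hex(random_bytes(10));
            $authentificator2 = random_bytes(20);
            $cookieLifetime = 1296000; // 15 days, in seconds

            // Cookie: httponly so page scripts cannot read it; secure when
            // the request arrived over HTTPS. Path and domain are left at
            // their defaults, as before.
            $cookieValue = $authentificator1 . "," . bin2hex($authentificator2);
            $isHttps = !empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] !== 'off';
            setcookie(
                "rememberme",
                $cookieValue,
                time() + $cookieLifetime,
                '',
                '',
                $isHttps,
                true
            );

            // Store the lookup key, the hashed secret and the expiry.
            // NOTE(review): date() formats in the server's default timezone;
            // whatever reads `expires` must interpret it the same way.
            $f2authentificator2 = hash('sha256', $authentificator2);
            $user_id = $_SESSION['user_id'];
            $expiration = date('Y-m-d H:i:s', time() + $cookieLifetime);
            $sql = "INSERT INTO rememberme
(`authentificator1`, `f2authentificator2`, `user_id`, `expires`)
VALUES
(?, ?, ?, ?)";
            $insert = mysqli_prepare($link, $sql);
            $stored = $insert
                && mysqli_stmt_bind_param($insert, 'ssss', $authentificator1, $f2authentificator2, $user_id, $expiration)
                && mysqli_stmt_execute($insert);
            if (!$stored) {
                echo '<div class="alert alert-danger">There was an error storing data to remember you next time.</div>';
            } else {
                echo "success";
            }
        }
    }
}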