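<?php
/*
 * Login handler: checks the posted credentials against the `users` table and,
 * on success, fills $_SESSION and redirects to index.php.
 *
 * Reads the POST fields `login`, `username`, `password` and, optionally, `save`.
 * Uses the legacy mysql_* connection opened by includes/db_connect.php and
 * log_errors() from includes/functions.php.
 */
session_start();
include 'includes/db_connect.php';
include 'includes/functions.php';

# A plain GET leaves $_POST['login'] unset; read it without raising a notice.
$action = (isset($_POST['login']) && is_string($_POST['login'])) ? $_POST['login'] : '';

if ($action === "Login") {
    # Accept strings only: a field sent as username[]=x arrives as an array.
    $username = (isset($_POST['username']) && is_string($_POST['username'])) ? $_POST['username'] : '';
    $rawPassword = (isset($_POST['password']) && is_string($_POST['password'])) ? $_POST['password'] : '';

    # NOTE(review): unsalted SHA-1 is not suitable for storing passwords. Moving to
    # password_hash()/password_verify() also needs the stored values migrated, so
    # the digest is left unchanged here.
    $password = sha1($rawPassword);

    # The username comes straight from the request and is placed inside a
    # string-built query, so it is escaped for the mysql_* connection first.
    # $password is a hex digest at this point and needs no escaping.
    $usernameSql = mysql_real_escape_string($username);
    $result = mysql_query("SELECT * FROM users WHERE lower(username) = lower('$usernameSql') AND `password` = '$password'");

    # mysql_query() returns false when the query fails; treat that as a failed login.
    if ($result !== false && mysql_num_rows($result) == 1) {
        # Issue a fresh session id on login so an id fixed before authentication
        # is not carried into the authenticated session.
        session_regenerate_id(true);

        # Save the user's account details for logging on later.
        if (isset($_POST['save'])) {
            # NOTE(review): this writes the plain-text password into a cookie with no
            # HttpOnly/Secure flags. Kept because other pages may read these cookies;
            # a random remember-me token stored server-side would be the safer design.
            setcookie("username", $username);
            setcookie("password", $rawPassword);
        } else {
            setcookie("username", "");
            setcookie("password", "");
            $_COOKIE = null;
            unset($_COOKIE);
        }

        # We have login success! Set the variables and go back to index to make them permanent.
        $row = mysql_fetch_assoc($result);
        $_SESSION['username'] = $username;
        $_SESSION['user_id'] = $row['id'];

        # Set includes dir, include file upload servers etc.
        $baseDir = dirname(__FILE__);
        $_SESSION['includes'] = $baseDir."/includes";
        $_SESSION['scripts'] = $baseDir."/scripts";
        $_SESSION['apps'] = $baseDir."/apps";

        # Create both directories from the same absolute base, so the result does
        # not depend on the current working directory.
        $userRoot = $baseDir."/user";
        $filesdir = $userRoot."/".$_SESSION['user_id'];
        if (!is_dir($userRoot)) { mkdir($userRoot); }
        if (!is_dir($filesdir)) { mkdir($filesdir); }
        $_SESSION['filesdir'] = $filesdir;
        # Now do relative from apps
        $_SESSION['filesapps'] = "../../../user/".$_SESSION['user_id'];
        # Now do relative from root
        $_SESSION['filesroot'] = "user/".$_SESSION['user_id'];

        # Make variables easier to access.
        # NOTE(review): this copies every column of the row into the session,
        # including `password`, and overwrites any session key that shares a
        # column name (for example `username`). Copy an explicit list of columns
        # once it is known which ones other pages read.
        foreach ($row as $key => $value) {
            $_SESSION[$key] = $value;
        }

        # NOTE(review): the account-enabled check below is commented out, so nothing
        # in this script rejects a disabled account; confirm it is enforced elsewhere.
        #if ($isEnabled == 0) { die("You have been banned from the system. Please contact your systems administrator. <a href='index.php'>Return to the home page</a>"); }

        # Inform Bibud about login to disable old accounts
        $lastActive = date("Y-m-d");
        $sql = "UPDATE users SET `lastActive`='$lastActive' WHERE username='".$usernameSql."';";
        if (!mysql_query($sql)) { log_errors("Warning: Can't set last active date: $username"); }

        # Now set last IP for security
        $ipSql = mysql_real_escape_string($_SERVER['REMOTE_ADDR']);
        $sql = "UPDATE users SET `IP`='".$ipSql."' WHERE username='".$usernameSql."';";
        if (!mysql_query($sql)) { log_errors("Warning: Can't set last IP."); }

        header("Location: index.php");
        exit;
    } else {
        header("Location: index.php?login=0");
        exit;
    }
} elseif ($action === "Rein") {
    echo "HAI";
} else {
    echo "You cannot run the script like this!";
}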