<?php require_once("includes/session.php"); ?>
<?php require_once("includes/connection.php"); ?>
<?php require_once("includes/functions.php"); ?>
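<?php
// Staff login: processes the POSTed credentials and renders the login form.
//
// Assumes (from the includes above, not visible here — confirm):
//   - includes/session.php has started the session ($_SESSION is written below);
//   - $connection is an open mysqli link;
//   - logged_in(), redirect_to(), confirm_query(), display_errors(),
//     check_required_fields(), check_max_field_lengths() and mysql_prep() exist.
// Requires PHP >= 7.0 for random_bytes(); hash_equals()/password_verify() are 5.6/5.5+.
if (logged_in()) {
    redirect_to("staff.php");
}
include_once("includes/form_functions.php");

// Per-session anti-CSRF token for the login form. Without it a third-party page
// can POST credentials of an attacker-owned account and silently log the victim
// into it (login CSRF). Generated once per session so several open tabs all work.
if (empty($_SESSION['csrf_token'])) {
    $_SESSION['csrf_token'] = bin2hex(random_bytes(32));
}

$message = "";
$errors = array();
$username = "";
$password = "";

// START FORM PROCESSING
if (isset($_POST["submit"])) { // Form has been submitted.
    // Only accept scalar strings: a request like username[]=x would otherwise make
    // trim() fail. A missing field is still reported by check_required_fields().
    $username = (isset($_POST['username']) && is_string($_POST['username'])) ? trim($_POST['username']) : "";
    $password_raw = (isset($_POST['password']) && is_string($_POST['password'])) ? $_POST['password'] : "";
    $password = trim($password_raw);

    // Token check in constant time; a failed check short-circuits the DB lookup.
    $csrf_ok = isset($_POST['csrf_token']) && is_string($_POST['csrf_token'])
        && hash_equals($_SESSION['csrf_token'], $_POST['csrf_token']);

    // perform validations on the form data
    $required_fields = array('username', 'password');
    $errors = array_merge($errors, check_required_fields($required_fields, $_POST));
    $fields_with_lengths = array('username' => 30, 'password' => 30);
    $errors = array_merge($errors, check_max_field_lengths($fields_with_lengths, $_POST));

    if (!$csrf_ok) {
        $message = "Invalid or expired form token. Please try again.";
    } elseif (empty($errors)) {
        // Look the user up by username only, with a bound parameter so no part of
        // the input can change the statement; the password is verified in PHP.
        // (The original interpolated the escaped username and the sha1 hash into
        // the SQL string, which depends entirely on mysql_prep() being correct.)
        $query = "SELECT id, username, hashed_password FROM users WHERE username = ? LIMIT 1";
        $stmt = mysqli_prepare($connection, $query);
        if ($stmt === false) {
            confirm_query(false); // same abort path the original used for a failed query
        }
        mysqli_stmt_bind_param($stmt, 's', $username);
        if (!mysqli_stmt_execute($stmt)) {
            confirm_query(false);
        }
        // bind_result/fetch rather than get_result so mysqlnd is not required.
        mysqli_stmt_bind_result($stmt, $found_id, $found_username, $stored_hash);
        $fetched = mysqli_stmt_fetch($stmt); // true = row, null = no row, false = error
        mysqli_stmt_close($stmt);

        $authenticated = false;
        if ($fetched === true) {
            // Legacy rows hold sha1() of the password exactly as the original code
            // derived it: passed through mysql_prep() and then trimmed. That
            // derivation is reproduced verbatim so existing accounts keep working.
            // NOTE(review): unsalted sha1 is not an acceptable password hash.
            // Rows (re)written with password_hash() verify via password_verify()
            // below, so both schemes coexist while passwords are migrated.
            // hash_equals() keeps the legacy comparison constant-time.
            $legacy_hash = sha1(trim(mysql_prep($password_raw)));
            $authenticated = password_verify($password, (string) $stored_hash)
                || hash_equals((string) $stored_hash, $legacy_hash);
        }

        if ($authenticated) {
            // Fresh session id on privilege change so a pre-login id planted by an
            // attacker (session fixation) never becomes an authenticated session.
            session_regenerate_id(true);
            $_SESSION['user_id'] = $found_id;
            $_SESSION['username'] = $found_username;
            redirect_to("staff.php");
        } else {
            // Deliberately the same message for unknown user and wrong password.
            // NOTE(review): there is no throttling or lockout on failed attempts
            // here; add rate limiting at the application or proxy layer.
            $message = "Username/password combination incorrect.<br />
Please make sure your caps lock key is off and try again.";
        }
    } else {
        if (count($errors) == 1) {
            $message = "There was 1 error in the form.";
        } else {
            $message = "There were " . count($errors) . " errors in the form.";
        }
    }
} else { // Form has not been submitted.
    if (isset($_GET['logout']) && $_GET['logout'] === '1') {
        $message = "You are now logged out.";
    }
}
?>
<?php include("includes/header.php"); ?>
<table id="structure">
<tr>
<td id="navigation">
<a href="index.php">Return to public site</a>
</td>
<td id="page">
<h2>Staff Login</h2>
<?php /* $message only ever holds server-defined text; it is not user input. */ ?>
<?php if (!empty($message)) {echo "<p class=\"message\">" . $message . "</p>";} ?>
<?php if (!empty($errors)) { display_errors($errors); } ?>
<form action="login.php" method="POST">
<input type="hidden" name="csrf_token" value="<?php echo htmlentities($_SESSION['csrf_token'], ENT_QUOTES, 'UTF-8'); ?>" />
<table>
<tr>
<td>Username:</td>
<td><input type="text" name="username" maxlength="30" value="<?php echo htmlentities($username, ENT_QUOTES, 'UTF-8'); ?>" /></td>
</tr>
<tr>
<td>Password:</td>
<?php /* The submitted password is never echoed back into the page (the original
          reflected it into the value attribute, leaving it in page source/caches). */ ?>
<td><input type="password" name="password" maxlength="30" /></td>
</tr>
<tr>
<td colspan="2"><input type="submit" name="submit" value="Login" /></td>
</tr>
</table>
</form>
</td>
</tr>
</table>
<?php include("includes/footer.php"); ?>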