Point808/yaptc
2
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

user deletion fixed, license added for fpdf even though not using

Browse Source
This commit is contained in:
Josh North
2015-02-20 01:57:34 -05:00
parent ca258c49fc
commit dc77dc7e65
10 changed files with 199 additions and 307 deletions
Download Patch File Download Diff File Expand all files Collapse all files

75
login.php
View File

@@ -4,55 +4,50 @@ require_once("config.inc.php");
$yaptc_pagename = "Login";
require_once($yaptc_inc . "header.inc.php");
require_once($yaptc_inc . "menu.inc.php");
//********** BEGIN CONTENT **********//
// Is user logged in? If so, tell them and go to main...
if (isset($_SESSION['user_id']) && isset($_SESSION['signature']) && isset($_SESSION['loggedIn']) && $_SESSION['loggedIn'] = true && $_SESSION['signature'] = md5($_SESSION['user_id'] . $_SERVER['HTTP_USER_AGENT']))
{
if (getSessionStatus() == true):
header ("Refresh:3; url=index.php", true, 303);
echo "<h2 class=\"content-subhead\">You are already logged in...</h2>";
}
else
{
echo "<h2 class=\"content-subhead\">User Login</h2>";
echo "<form class=\"pure-form\" action=\"login.php\" method=\"post\">";
echo "<fieldset class=\"pure-group\" id=\"login\">";
echo "<label for=\"username\">Username</label>";
echo "<input type=\"text\" class=\"pure-input-1-2\" placeholder=\"Username\" id=\"username\" name=\"username\">";
echo "<label for=\"password\">Password</label>";
echo "<input type=\"password\" class=\"pure-input-1-2\" placeholder=\"Password\" id=\"password\" name=\"password\">";
echo "</fieldset>";
echo "<button type=\"submit\" class=\"pure-button pure-input-1-2 pure-button-primary\" value=\"Login\">Sign in</button>";
echo "</form>";
else:
//********** BEGIN CONTENT **********// ?>
<h2 class="content-subhead">User Login</h2>
<form class="pure-form" action="login.php" method="post">
<fieldset class="pure-group" id="login">
<input type="text" class="pure-input-1" placeholder="Username" id="username" name="username" />
<input type="password" class="pure-input-1" placeholder="Password" id="password" name="password" />
</fieldset>
<button type="submit" class="pure-button button-success pure-input-1 pure-button-primary" value="Login">Sign in</button>
</form>
<?php
require_once($yaptc_lib . "phpass-0.3/PasswordHash.php");
$hasher = new PasswordHash(8, FALSE);
if (!empty($_POST)) {
$query = "SELECT id, password, UNIX_TIMESTAMP(created) AS salt, firstname, lastname FROM users WHERE username = :username";
$stmt = $sql->prepare($query);
$stmt->execute(array(':username' => $_POST['username']));
$user = $stmt->fetchObject();
if ($user && $user->password == $hasher->CheckPassword($_POST['password'], $user->password)) {
$hasher = new PasswordHash(8, FALSE);
if (!empty($_POST)):
$query = "SELECT id, password, UNIX_TIMESTAMP(created) AS salt, firstname, lastname FROM users WHERE username = :username";
$stmt = $yaptc_db->prepare($query);
$stmt->execute(array(
':username' => $_POST['username']
));
$user = $stmt->fetchObject();
if ($user && $user->password == $hasher->CheckPassword($_POST['password'], $user->password)):
session_regenerate_id();
$_SESSION['user_id'] = $user->id;
$_SESSION['loggedIn'] = TRUE;
$_SESSION['signature'] = md5($user->id . $_SERVER['HTTP_USER_AGENT']);
$_SESSION['firstname'] = $user->firstname;
$_SESSION['lastname'] = $user->lastname;
$_SESSION['firstname'] = $user->firstname;
$_SESSION['lastname'] = $user->lastname;
session_write_close();
echo "Login successful...";
header("Location: index.php");
}
else
{
header ("Refresh:3; url=login.php", true, 303);
echo "<h2 class=\"content-subhead\">Login failed, please try again...</h2>";
}
}
}
header("Location: index.php");
else:
header("Refresh:3; url=login.php", true, 303);
echo "<h2 class=\"content-subhead\">Login failed, please try again...</h2>";
endif;
endif;
?>
//********** END CONTENT **********//
<?php //********** END CONTENT **********//
endif;
require_once($yaptc_inc . "footer.inc.php");
?>