PLoginProcess.php

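<?php
//------------------
//PLoginProcess.php
//
//Performs the login process: reads the posted credentials, destroys any
//existing session, looks the user up in the Author table and either starts
//a fresh logged-in session or records an error message, then redirects.
//
//Expects the constants TP_SOURCEPATH, DB_HOST, DB_USER, DB_PASSWORD,
//DB_DATABASE, DB_PREFIX and WS_SITELINK to be defined by the including script.
//------------------

declare(strict_types=1);

//--------------------------
//Gets POST values. Only plain strings are accepted; a missing field or an
//array value (username[]=x) is treated as an empty credential.
$user = isset($_POST['username']) && is_string($_POST['username']) ? $_POST['username'] : '';
$password = isset($_POST['password']) && is_string($_POST['password']) ? $_POST['password'] : '';

// -------------------------
// Destroy the current session (logout user), if it exists.
require_once(TP_SOURCEPATH . 'FDestroySession.php');

//--------------------------
//DB stuff
$mysqli = new mysqli(DB_HOST, DB_USER, DB_PASSWORD, DB_DATABASE); //New DB object

//Makes sure DB connection worked. The driver's error text goes to the server
//log rather than to the browser.
if (mysqli_connect_error()) {
    error_log('PLoginProcess: connect failed: ' . mysqli_connect_error());
    echo "Connect failed.<br>";
    exit();
}
$mysqli->set_charset("utf8");

// ---------------------------------------------------------------------------
// SQL query. Username and password are bound as parameters, so they never
// become part of the SQL text and no manual escaping is needed.
// NOTE(review): the stored password is compared as an unsalted md5 of the
// plaintext. This keeps the existing schema working; migrating to
// password_hash()/password_verify() (rehashing on successful login) is the
// recommended follow-up.
$tableAuthor = DB_PREFIX . 'Author';

$query = <<<EOD
--
-- Gets username and user id
--
SELECT
  idAuthor,
  username
FROM
  {$tableAuthor}
WHERE
  username = ? AND
  password = md5(?)
EOD;

$stmt = $mysqli->prepare($query);
if ($stmt === false
    || !$stmt->bind_param('ss', $user, $password)
    || !$stmt->execute()
    || !$stmt->store_result()) {
    //Do not echo the statement text: it would expose the table layout (and,
    //with interpolated queries, the submitted credentials) to the client.
    die("<p>Could not query database.</p>");
}
$stmt->bind_result($accountId, $accountUser);

// --------------------------
// Use the results of the query to populate a session that shows we are logged in
session_start(); // Must call it since we destroyed it above.
session_regenerate_id(true); // Fresh id for the new session; the previous id is deleted.

// Must be exactly one row in the resultset
if ($stmt->num_rows === 1 && $stmt->fetch()) {
    //Sets user info to session
    $_SESSION['accountId']   = $accountId;
    $_SESSION['accountUser'] = $accountUser;
    $redirect = isset($_POST['redirect']) && is_string($_POST['redirect']) ? $_POST['redirect'] : 'home';
} else {
    //Sets error message and returns to login page
    $_SESSION['errorMessage'] = "Inloggningen misslyckades";
    $redirect = 'login';
}

$stmt->close();
$mysqli->close(); //Closes DB connection

// -------------------------------
// Redirect to another page. 'login' is mapped to 'home' so the user never lands
// back on the login form. The target comes from POST, so it is URL-encoded
// before being placed in the query string.
$redirect = ($redirect === 'login') ? 'home' : $redirect; //If login page then change to home page
header('Location: ' . WS_SITELINK . '?p=' . urlencode($redirect));
exit;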