3 UserCake Version: 2.0.2
\r
7 require_once("models/config.php");
\r
// Access gate: securePage() receives the current script path and the request ends with no
// output when it returns a falsy value. Its rules are defined elsewhere, not in this listing.
// NOTE(review): PHP_SELF can carry path info appended by the client; confirm securePage()
// normalises the value before matching it against its page list.
8 if (!securePage($_SERVER['PHP_SELF'])){die();}
\r
10 //Prevent the user visiting the logged in page if he/she is already logged in
\r
// die() directly after header() keeps the rest of the login script from running for a
// session that is already authenticated.
11 if(isUserLoggedIn()) { header("Location: account.php"); die(); }
\r
// Read the submitted credentials. sanitize() is defined elsewhere; what it strips or
// escapes is not visible in this listing.
17 $username = sanitize(trim($_POST["username"]));
\r
// NOTE(review): trim() also drops leading/trailing whitespace from the password, so
// " secret " and "secret" are accepted as the same password. Confirm registration and
// password change trim in the same way, otherwise such accounts cannot log in.
18 $password = trim($_POST["password"]);
\r
20 //Perform some validation
\r
21 //Feel free to edit / change as required
\r
// The conditions guarding the next two messages (source lines 23 and 27) are not part of
// this listing; each message is appended to $errors for display by resultBlock().
24 $errors[] = lang("ACCOUNT_SPECIFY_USERNAME");
\r
28 $errors[] = lang("ACCOUNT_SPECIFY_PASSWORD");
\r
// Authentication proper: runs only when the validation above recorded no errors.
// Several source lines (braces, else branches) are omitted from this listing, so the
// notes below describe only the statements that are visible.
31 if(count($errors) == 0)
\r
33 //A security note here, never tell the user which credential was incorrect
\r
34 if(!usernameExists($username))
\r
// Same message key as the wrong-password case further down, so an unknown username
// and a bad password are reported identically.
36 $errors[] = lang("ACCOUNT_USER_OR_PASS_INVALID");
\r
40 $userdetails = fetchUserDetails($username);
\r
41 //See if the user's account is activated
\r
// NOTE(review): in the visible order this check comes before the password comparison and
// uses its own message key. A request with an existing but inactive username therefore gets
// a different answer than one with an unknown username, which is at odds with the
// "never tell the user which credential was incorrect" note above. Consider checking the
// password first, or returning the generic message here too.
42 if($userdetails["active"]==0)
\r
44 $errors[] = lang("ACCOUNT_INACTIVE");
\r
48 //Hash the password and use the salt from the database to compare the password.
\r
// The stored value is passed as the second argument so generateHash() can reuse its salt.
// NOTE(review): generateHash() is defined elsewhere; confirm it is a slow, salted password
// hash (password_hash()/password_verify() is the built-in option) rather than a fast digest.
49 $entered_pass = generateHash($password,$userdetails["password"]);
\r
// NOTE(review): this echo writes the stored password hash into the HTTP response for any
// request that names an existing, active account. It looks like a debugging leftover and
// should be removed. It also sends output before the header() call at source line 77,
// which stops the redirect from working unless output buffering is enabled.
51 echo "".$userdetails["password"];
\r
// NOTE(review): != is a loose comparison. PHP compares two numeric-looking strings as
// numbers, so distinct values of the form "0e<digits>" compare equal, and the comparison
// is not constant-time. hash_equals() avoids both problems.
53 if($entered_pass != $userdetails["password"])
\r
55 //Again, we know the password is at fault here, but let's not give away the combination in case of someone bruteforcing
\r
56 $errors[] = lang("ACCOUNT_USER_OR_PASS_INVALID");
\r
60 //Passwords match! we're good to go
\r
62 //Construct a new logged in user object
\r
63 //Transfer some db data to the session object
\r
64 $loggedInUser = new loggedInUser();
\r
65 $loggedInUser->email = $userdetails["email"];
\r
66 $loggedInUser->user_id = $userdetails["id"];
\r
// NOTE(review): the password hash is copied onto the object that is stored in $_SESSION
// below, so the hash ends up in session storage as well as in the database. Keep it out
// of the session unless another part of the application needs it there.
67 $loggedInUser->hash_pw = $userdetails["password"];
\r
68 $loggedInUser->title = $userdetails["title"];
\r
69 $loggedInUser->displayname = $userdetails["display_name"];
\r
70 $loggedInUser->username = $userdetails["user_name"];
\r
72 //Update last sign in
\r
73 $loggedInUser->updateLastSignIn();
\r
// NOTE(review): none of the visible lines calls session_regenerate_id(true) before the
// authenticated user is written to the session. If the omitted lines do not do it either,
// the pre-login session id stays valid after login (session fixation).
74 $_SESSION["userCakeUser"] = $loggedInUser;
\r
76 //Redirect to user account page
\r
// NOTE(review): source line 78 is not in this listing. Confirm the script stops (die()/exit)
// after this header, as the already-logged-in branch at the top of the file does.
77 header("Location: account.php");
\r
// Page rendering: the shared header, the left navigation, any messages collected in
// $errors/$successes, then the login form. The echo statements that open and close the
// HTML strings are on source lines omitted from this listing.
85 require_once("models/header.php");
\r
90 <div id='top'><div id='logo'></div></div>
\r
94 <div id='left-nav'>";
\r
96 include("left-nav.php");
\r
// NOTE(review): the form below concatenates $_SERVER['PHP_SELF'] into the action attribute
// without escaping. PHP_SELF includes any path info the client appends to the script URL,
// so it should go through htmlspecialchars(..., ENT_QUOTES) or be replaced by a fixed
// action value. No anti-CSRF token field is visible among the listed inputs either;
// confirm whether one exists on the omitted lines.
102 echo resultBlock($errors,$successes);
\r
106 <form name='login' action='".$_SERVER['PHP_SELF']."' method='post'>
\r
108 <label>Username:</label>
\r
109 <input type='text' name='username' />
\r
112 <label>Password:</label>
\r
113 <input type='password' name='password' />
\r
116 <label> </label>
\r
117 <input type='submit' value='Login' class='submit' />
\r
122 <div id='bottom'></div>
\r