Merge branch 'master' of https://github.com/szmoore/MCTX3420 into users
[matches/MCTX3420.git] / testing / MCTXWeb / public_html / users / login.php
1 <?php\r
2 /*\r
3 UserCake Version: 2.0.2\r
4 http://usercake.com\r
5 */\r
6 \r
// Load the UserCake configuration; the helpers called below are expected to come from it.
require_once("models/config.php");

// Stop immediately unless securePage() allows this request.
// NOTE(review): PHP_SELF includes any extra path text the client appends after the
// script name, whereas SCRIPT_NAME does not. securePage() is defined elsewhere, so
// confirm it resolves the page from the script itself and not from client-supplied path text.
if (!securePage($_SERVER['PHP_SELF'])) {
	die();
}

// A visitor who is already authenticated has no use for the login form:
// send them to their account page and stop rendering.
if (isUserLoggedIn()) {
	header("Location: account.php");
	die();
}
12 \r
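// Handle a submitted login form: validate the two fields, verify the password against
// the stored hash and, on success, populate the session and redirect to account.php.
// Every failure path only appends to $errors; the form is rendered again further down.
if(!empty($_POST))
{
	$errors = array();

	// Read the credentials defensively: a missing or array-valued field is treated as
	// empty so it is rejected by the validation below instead of reaching trim().
	$username = (isset($_POST["username"]) && is_string($_POST["username"]))
		? sanitize(trim($_POST["username"]))
		: "";
	$password = (isset($_POST["password"]) && is_string($_POST["password"]))
		? trim($_POST["password"])
		: "";

	//Perform some validation
	//Feel free to edit / change as required
	if($username == "")
	{
		$errors[] = lang("ACCOUNT_SPECIFY_USERNAME");
	}
	if($password == "")
	{
		$errors[] = lang("ACCOUNT_SPECIFY_PASSWORD");
	}

	if(count($errors) == 0)
	{
		//A security note here, never tell the user which credential was incorrect
		if(!usernameExists($username))
		{
			$errors[] = lang("ACCOUNT_USER_OR_PASS_INVALID");
		}
		else
		{
			$userdetails = fetchUserDetails($username);

			//See if the user's account is activated
			// NOTE(review): this branch answers before the password is checked, so the
			// distinct ACCOUNT_INACTIVE message confirms that the username exists. That
			// works against the "never tell which credential was incorrect" rule above;
			// consider verifying the password first and only then reporting inactivity.
			if($userdetails["active"]==0)
			{
				$errors[] = lang("ACCOUNT_INACTIVE");
			}
			else
			{
				//Hash the password and use the salt from the database to compare the password.
				$stored_hash = (string) $userdetails["password"];
				$entered_pass = (string) generateHash($password, $stored_hash);

				// The debug statement that echoed the stored hash into the response was
				// removed: it disclosed the password hash of any active account to whoever
				// submitted that username, and it emitted output before the header()
				// redirect below.

				// Compare as strings in constant time where available. The loose != used
				// before is subject to PHP type juggling on numeric-looking strings;
				// === is the fallback for runtimes without hash_equals().
				$password_ok = function_exists('hash_equals')
					? hash_equals($stored_hash, $entered_pass)
					: ($entered_pass === $stored_hash);

				if(!$password_ok)
				{
					//Again, we know the password is at fault here, but lets not give away the combination incase of someone bruteforcing
					$errors[] = lang("ACCOUNT_USER_OR_PASS_INVALID");
				}
				else
				{
					//Passwords match! we're good to go

					// Issue a fresh session id at the moment of privilege change so an id
					// that existed before authentication is not carried into the
					// logged-in session (session fixation). Skipped when no session is active.
					if(session_id() !== "")
					{
						session_regenerate_id(true);
					}

					//Construct a new logged in user object
					//Transfer some db data to the session object
					$loggedInUser = new loggedInUser();
					$loggedInUser->email = $userdetails["email"];
					$loggedInUser->user_id = $userdetails["id"];
					$loggedInUser->hash_pw = $userdetails["password"];
					$loggedInUser->title = $userdetails["title"];
					$loggedInUser->displayname = $userdetails["display_name"];
					$loggedInUser->username = $userdetails["user_name"];

					//Update last sign in
					$loggedInUser->updateLastSignIn();
					$_SESSION["userCakeUser"] = $loggedInUser;

					//Redirect to user account page
					header("Location: account.php");
					die();
				}
			}
		}
	}
}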
84 \r
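// Render the login page: shared header, left navigation, any messages collected by the
// form handler above, then the login form itself.
require_once("models/header.php");

echo "
<body>
<div id='wrapper'>
<div id='top'><div id='logo'></div></div>
<div id='content'>
<h1>UserCake</h1>
<h2>Login</h2>
<div id='left-nav'>";

include("left-nav.php");

echo "
</div>
<div id='main'>";

// $errors is only assigned when a form was posted and $successes is never assigned in
// this file, so fall back to empty arrays instead of passing undefined variables.
// NOTE(review): resultBlock() is defined elsewhere; an empty array is assumed to mean
// "nothing to report" - confirm.
echo resultBlock(
	isset($errors) ? $errors : array(),
	isset($successes) ? $successes : array()
);

// PHP_SELF reflects the request path, including any text the client appends after the
// script name, so it must be HTML-escaped before it is written into the attribute.
// ENT_QUOTES is required because the attribute below is single-quoted.
$form_action = htmlspecialchars($_SERVER['PHP_SELF'], ENT_QUOTES, 'UTF-8');

echo "
<div id='regbox'>
<form name='login' action='".$form_action."' method='post'>
<p>
<label>Username:</label>
<input type='text' name='username' />
</p>
<p>
<label>Password:</label>
<input type='password' name='password' />
</p>
<p>
<label>&nbsp;</label>
<input type='submit' value='Login' class='submit' />
</p>
</form>
</div>
</div>
<div id='bottom'></div>
</div>
</body>
</html>";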
126 \r
127 ?>\r
