comparison user/checkLogin.php @ 6:077b0a0a3e6d
remaining originals according to dependency walk
| author | Robert Boland <robert@markup.co.uk> |
|---|---|
| date | Thu, 16 Feb 2017 22:29:02 +0000 |
| parents | |
| children | 385ddd7c4b55 a67bf725e87b |
| 5:55445b456ad0 | 6:077b0a0a3e6d |
|---|---|
| 1 <?php | |
| 2 require "PasswordHash.php"; | |
| 3 | |
| 4 include "../../private/db.php"; | |
| 5 | |
| 6 // emailname and password sent from form | |
| 7 $email=$_GET['email']; | |
| 8 $mypassword=$_GET['pwd']; | |
| 9 | |
| 10 // To protect MySQL injection | |
| 11 $email = stripslashes($email); | |
| 12 $mypassword = stripslashes($mypassword); | |
| 13 $email = mysqli_real_escape_string($link,$email); | |
| 14 $mypassword = mysqli_real_escape_string($link,$mypassword); | |
| 15 | |
| 16 $t_hasher = new PasswordHash(8, FALSE); | |
| 17 | |
| 18 $exists = 0; | |
| 19 $query1 = 'select Password, FirstName, Surname, DisplayName, UserID from user where Email = \'' .$email .'\''; | |
| 20 //echo $query1 . "\n"; | |
| 21 $data1 = mysqli_query($link, $query1); | |
| 22 | |
| 23 while($line = mysqli_fetch_assoc($data1)) | |
| 24 { | |
| 25 $exists = 1; | |
| 26 $passHash = $line['Password']; | |
| 27 $firstName=$line['FirstName']; | |
| 28 $surname=$line['Surname']; | |
| 29 $displayName=$line['DisplayName']; | |
| 30 $id=$line['UserID']; | |
| 31 } | |
| 32 | |
| 33 if ($exists) { | |
| 34 $check = $t_hasher->CheckPassword($mypassword, $passHash); | |
| 35 if ($check) | |
| 36 { | |
| 37 $query2 = "select ReceiveEmail, GoodreadsState, LocID from userpref where UserID = $id"; | |
| 38 //echo $query1 . "\n"; | |
| 39 $data2 = mysqli_query($link, $query2); | |
| 40 | |
| 41 while($line = mysqli_fetch_assoc($data2)) | |
| 42 { | |
| 43 $receiveEmail = trim($line['ReceiveEmail']); | |
| 44 $GRState=trim($line['GoodreadsState']); | |
| 45 $LocID=trim($line['LocID']); | |
| 46 } | |
| 47 | |
| 48 if($displayName == "") | |
| 49 { | |
| 50 if($firstName == "") | |
| 51 $displayName=$email; | |
| 52 else | |
| 53 $displayName = $firstName; | |
| 54 } | |
| 55 | |
| 56 session_start(); | |
| 57 $_SESSION['displayName']=$displayName; | |
| 58 $_SESSION['email']=$email; | |
| 59 $_SESSION['surname']=$surname; | |
| 60 $_SESSION['UserID']=$id; | |
| 61 $_SESSION['receiveEmail']=$receiveEmail; | |
| 62 $_SESSION['GRState']=$GRState; | |
| 63 $_SESSION['Loc']=$LocID; | |
| 64 echo session_id(); | |
| 65 echo ":::" . $displayName . ":::" . $surname . ":::" . $receiveEmail . ":::" . $GRState . ":::" . $LocID . ":::" . $email . ":::" . $id; | |
| 66 } | |
| 67 } | |
| 68 else | |
| 69 { | |
| 70 echo "Incorrect UserName or Password"; | |
| 71 } | |
| 72 mysqli_close($link); | |
| 73 ?> |
