Mercurial > hg > ywww

comparison user/uk/checkLogin.php @ 6:077b0a0a3e6d

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
remaining originals according to dependency walk
author Robert Boland <robert@markup.co.uk>
date Thu, 16 Feb 2017 22:29:02 +0000
parents
children 385ddd7c4b55 a67bf725e87b
comparison
equal deleted inserted replaced
5:55445b456ad0 6:077b0a0a3e6d
1 <?php
2 require "PasswordHash.php";
3
4 include "../../private/db.php";
5
6 // emailname and password sent from form
7 $email=$_GET['email'];
8 $mypassword=$_GET['pwd'];
9
10 // To protect MySQL injection
11 $email = stripslashes($email);
12 $mypassword = stripslashes($mypassword);
13 $email = mysqli_real_escape_string($link,$email);
14 $mypassword = mysqli_real_escape_string($link,$mypassword);
15
16 $t_hasher = new PasswordHash(8, FALSE);
17
18
19 $query1 = 'select Password, FirstName, Surname, UserID from user where Email = \'' .$email .'\'';
20 //echo $query1 . "\n";
21 $data1 = mysqli_query($link, $query1);
22
23 while($line = mysqli_fetch_assoc($data1))
24 {
25 $passHash = $line['Password'];
26 $displayName=$line['FirstName'];
27 $surname=$line['Surname'];
28 $id=$line['UserID'];
29 }
30
31 $check = $t_hasher->CheckPassword($mypassword, $passHash);
32 if ($check)
33 {
34
35 $query2 = "select ReceiveEmail, GoodreadsState from userpref where UserID = $id";
36 //echo $query1 . "\n";
37 $data2 = mysqli_query($link, $query2);
38
39 while($line = mysqli_fetch_assoc($data2))
40 {
41 $receiveEmail = trim($line['ReceiveEmail']);
42 $GRState=trim($line['GoodreadsState']);
43 }
44
45 if($displayName == "")
46 $displayName=$email;
47
48 session_start();
49 $_SESSION['displayName']=$displayName;
50 $_SESSION['email']=$email;
51 $_SESSION['surname']=$surname;
52 $_SESSION['UserID']=$id;
53 $_SESSION['receiveEmail']=$receiveEmail;
54 $_SESSION['GRState']=$GRState;
55 echo session_id();
56 echo ":::" . $displayName . ":::" . $surname . ":::" . $receiveEmail . ":::" . $GRState . ":::" . $id;
57 }
58 else
59 {
60 echo "Incorrect UserName or Password";
61 }
62 ?>