diff user/checkLogin.php @ 6:077b0a0a3e6d

remaining originals according to dependency walk
author Robert Boland <robert@markup.co.uk>
date Thu, 16 Feb 2017 22:29:02 +0000
parents
children 385ddd7c4b55 a67bf725e87b
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/user/checkLogin.php	Thu Feb 16 22:29:02 2017 +0000
@@ -0,0 +1,73 @@
+<?php
+require "PasswordHash.php";
+
+include "../../private/db.php"; 
+
+// emailname and password sent from form
+$email=$_GET['email'];
+$mypassword=$_GET['pwd'];
+
+// To protect MySQL injection 
+$email = stripslashes($email);
+$mypassword = stripslashes($mypassword);
+$email = mysqli_real_escape_string($link,$email);
+$mypassword = mysqli_real_escape_string($link,$mypassword);
+
+$t_hasher = new PasswordHash(8, FALSE);
+
+$exists = 0;
+$query1 = 'select Password, FirstName, Surname, DisplayName, UserID from user where Email = \'' .$email .'\'';
+//echo $query1 . "\n";
+$data1 = mysqli_query($link, $query1);
+
+while($line = mysqli_fetch_assoc($data1))
+{
+	$exists = 1;
+	$passHash = $line['Password'];
+	$firstName=$line['FirstName'];
+	$surname=$line['Surname'];
+	$displayName=$line['DisplayName'];
+	$id=$line['UserID'];
+}
+
+if ($exists) {
+  $check = $t_hasher->CheckPassword($mypassword, $passHash);
+  if ($check) 
+    {
+      $query2 = "select ReceiveEmail, GoodreadsState, LocID from userpref where UserID = $id";
+      //echo $query1 . "\n";
+      $data2 = mysqli_query($link, $query2);
+
+      while($line = mysqli_fetch_assoc($data2))
+	{
+	  $receiveEmail = trim($line['ReceiveEmail']);
+	  $GRState=trim($line['GoodreadsState']);
+	  $LocID=trim($line['LocID']);
+	}
+
+      if($displayName == "")
+	{
+	  if($firstName == "")
+	    $displayName=$email;
+	  else
+	    $displayName = $firstName;
+	}
+	
+      session_start();
+      $_SESSION['displayName']=$displayName;
+      $_SESSION['email']=$email;
+      $_SESSION['surname']=$surname;
+      $_SESSION['UserID']=$id;
+      $_SESSION['receiveEmail']=$receiveEmail;
+      $_SESSION['GRState']=$GRState;
+      $_SESSION['Loc']=$LocID;
+      echo session_id();
+      echo ":::" . $displayName . ":::" . $surname . ":::" . $receiveEmail . ":::" . $GRState . ":::" . $LocID . ":::" . $email . ":::" . $id;
+    }
+ }
+else
+{
+	echo "Incorrect UserName or Password";
+}
+mysqli_close($link);
+?>
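Review bot: The credentials are read from `$_GET` (`$email=$_GET['email'];` and `$mypassword=$_GET['pwd'];`), so the password travels in the URL and ends up in access logs, browser history and intermediaries; a login request should carry them in a POST body. The password is also run through `stripslashes()` and `mysqli_real_escape_string()` before `CheckPassword()`, although it never enters a query, so any password containing a quote or backslash is verified in altered form. The final `else` pairs with `if ($exists)`, so a wrong password for a known email returns an empty body while an unknown email returns the message, which lets a client tell registered addresses apart. The sketch below returns the same message for both failures, binds the email as a statement parameter instead of concatenating it, and calls `session_regenerate_id(true)` after a successful check. It assumes `$link` from db.php is a mysqli connection and that `mysqli_stmt_get_result` is available in this build.

```php
// credentials from the request body; the password is only ever handed to CheckPassword(), so it is left unmodified
$email = isset($_POST['email']) ? $_POST['email'] : '';
$mypassword = isset($_POST['pwd']) ? $_POST['pwd'] : '';

$stmt = mysqli_prepare($link, 'select Password, FirstName, Surname, DisplayName, UserID from user where Email = ?');
mysqli_stmt_bind_param($stmt, 's', $email);
mysqli_stmt_execute($stmt);
$data1 = mysqli_stmt_get_result($stmt);

// … unchanged: row fetch into $passHash, $firstName, $surname, $displayName, $id …

if ($exists && $t_hasher->CheckPassword($mypassword, $passHash)) {
  // … unchanged: userpref lookup and displayName fallback …
  session_start();
  session_regenerate_id(true); // issue a fresh session id at the point of authentication
  // … unchanged: $_SESSION assignments and response echo …
}
else
{
	echo "Incorrect UserName or Password";
}
```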