jrtechs
/
jrtechs-Panda-Quotes
mirror of https://github.com/jrtechs/Panda-Quotes.git

<?php
    //ini_set('display_errors', 1);
    $errors = array();        if(isset($_POST['logout']))    {        $_SESSION = array();                echo '<h3>You are now logged out</h3>';                echo("<meta http-equiv='refresh' content='1'>");    }
    if(isset($_POST['log_in']))    {        //echo 'Login procces';
        if(isset($_POST['user_name']))        {            $i_username = @mysqli_real_escape_string($dbc, trim($_POST['user_name']));        }        else        {            $errors['User Name'] = 'You need to enter a user name!';        }                if(isset($_POST['password']))        {            $i_password = @mysqli_real_escape_string($dbc, trim($_POST['password']));        }        else        {            $errors['password'] = "You need to enter a password!";        }                        if($i_password && $i_username)        {                        //valid username
            $q3 = "select * from users where user_name='$i_username'";            //echo $q3;
            $r3 = mysqli_query($dbc, $q3);                        if(@mysqli_num_rows($r3) == 1)            {                //echo 'das good';
                $firstName = "";                while($row = mysqli_fetch_array($r3))                {                    $firstName = $row['first_name'];                                    }                                $q2 = "select * from users where user_name = '$i_username' and pass ='"  . SHA1($i_password . $firstName) .   "'";                               //echo $q2;
                                $r2 = mysqli_query($dbc, $q2);                                                //30 minutes of error seaching to realize if frogot the s in mysqli
                if(@mysqli_num_rows($r2) == 1)                {                    while($row = mysqli_fetch_array($r2))                    {                                                $_SESSION['use'] = true;                        $_SESSION['fname'] = $firstName;                        $_SESSION['user_id'] = $row['user_id'];                        $_SESSION['username'] = $row['user_name'];                        $_SESSION['agent'] = md5($_SERVER['HTTP_USERAGENT'] . 'salt');                                                                        header("Location: index.php");                    }                }                else                {                    $errors['password'] = "You entered an invalid password";                }            }            else            {                $errors['user'] = "You entered an invalid user name!";            }        }    }            echo '<h1 class="w3-text-teal">';        echo '<center>';        if($loggedIn)    {        echo 'Profile';    }    else    {        echo 'Log In';    }    echo '</center></h1>';            echo '<div class ="w3-card-4 w3-container w3-padding-16">';    if($loggedIn)    {        echo '<h3 class="w3-center">Welcome ' . $_SESSION['fname'] . '</h3>';                echo '<form action="index.php" method ="post">            <input class="w3-padding-16 w3-hover-dark-grey w3-btn-block w3-center-align" type="submit" name ="logout" value="logout" />            <input type="hidden" name="logout" value="TRUE" />            </form>';            }    else     {        //prints login form
                echo '<form action ="index.php" method ="post">            <div class="w3-group">            <input class="w3-input" type="text" value="" name="user_name" class="w3-container w3-card-4" required/>            <label class="w3-label w3-validate">User Name</label>            </div>                        <div class="w3-group">            <input class="w3-input" type="password" value="" name="password" class="w3-container w3-card-4" required/>            <label class="w3-label w3-validate">Password</label>            </div>                        <input type="submit" name="login" value="login" class="w3-padding-16 w3-hover-dark-grey w3-btn-block w3-center-align"/>            <input type="hidden" name="log_in" value="TRUE"/>            </form>';                            }    foreach($errors as $msg)    {        echo " - $msg<br />";    }     echo '</div>';       
?>