<?php
|
|
|
|
//ini_set('display_errors', 1);
|
|
$errors = array();
|
|
|
|
if(isset($_POST['logout']))
|
|
{
|
|
$_SESSION = array();
|
|
|
|
echo '<h3>You are now logged out</h3>';
|
|
|
|
echo("<meta http-equiv='refresh' content='1'>");
|
|
}
|
|
|
|
if(isset($_POST['log_in']))
|
|
{
|
|
//echo 'Login procces';
|
|
if(isset($_POST['user_name']))
|
|
{
|
|
$i_username = @mysqli_real_escape_string($dbc,
|
|
trim($_POST['user_name']));
|
|
}
|
|
else
|
|
{
|
|
$errors['User Name'] = 'You need to enter a user name!';
|
|
}
|
|
|
|
if(isset($_POST['password']))
|
|
{
|
|
$i_password = @mysqli_real_escape_string($dbc,
|
|
trim($_POST['password']));
|
|
}
|
|
else
|
|
{
|
|
$errors['password'] = "You need to enter a password!";
|
|
}
|
|
|
|
|
|
if($i_password && $i_username)
|
|
{
|
|
|
|
//valid username
|
|
$q3 = "select * from users where user_name='$i_username'";
|
|
//echo $q3;
|
|
$r3 = mysqli_query($dbc, $q3);
|
|
|
|
if(@mysqli_num_rows($r3) == 1)
|
|
{
|
|
//echo 'das good';
|
|
$firstName = "";
|
|
while($row = mysqli_fetch_array($r3))
|
|
{
|
|
$firstName = $row['first_name'];
|
|
|
|
}
|
|
|
|
$q2 = "select * from users where user_name =
|
|
'$i_username' and pass ='" . SHA1($i_password . $firstName) . "'";
|
|
|
|
//echo $q2;
|
|
|
|
$r2 = mysqli_query($dbc, $q2);
|
|
|
|
|
|
//30 minutes of error seaching to realize if frogot the s in mysqli
|
|
if(@mysqli_num_rows($r2) == 1)
|
|
{
|
|
while($row = mysqli_fetch_array($r2))
|
|
{
|
|
|
|
$_SESSION['use'] = true;
|
|
$_SESSION['fname'] = $firstName;
|
|
$_SESSION['user_id'] = $row['user_id'];
|
|
$_SESSION['username'] = $row['user_name'];
|
|
$_SESSION['agent'] =
|
|
md5($_SERVER['HTTP_USERAGENT'] . 'salt');
|
|
|
|
|
|
header("Location: index.php");
|
|
}
|
|
}
|
|
else
|
|
{
|
|
$errors['password'] = "You entered an invalid password";
|
|
}
|
|
}
|
|
else
|
|
{
|
|
$errors['user'] = "You entered an invalid user name!";
|
|
}
|
|
}
|
|
}
|
|
|
|
echo '<h1 class="w3-text-teal">';
|
|
|
|
echo '<center>';
|
|
|
|
if($loggedIn)
|
|
echo 'Profile';
|
|
else
|
|
echo 'Log In';
|
|
|
|
echo '</center></h1>';
|
|
|
|
|
|
echo '<div class ="w3-card-4 w3-container w3-padding-16">';
|
|
if($loggedIn)
|
|
{
|
|
echo '<h3 class="w3-center">Welcome ' . $_SESSION['fname'] . '</h3>';
|
|
|
|
echo '<form action="index.php" method ="post">
|
|
<input class="w3-padding-16 w3-hover-dark-grey
|
|
w3-btn-block w3-center-align" type="submit" name ="logout"
|
|
value="logout" />
|
|
<input type="hidden" name="logout" value="TRUE" />
|
|
</form>';
|
|
|
|
}
|
|
else
|
|
{
|
|
//prints login form
|
|
|
|
echo '<form action ="index.php" method ="post">
|
|
<div class="w3-group">
|
|
<input class="w3-input" type="text" value="" name="user_name"
|
|
class="w3-container w3-card-4" required/>
|
|
<label class="w3-label w3-validate">User Name</label>
|
|
</div>
|
|
|
|
<div class="w3-group">
|
|
<input class="w3-input" type="password" value="" name="password"
|
|
class="w3-container w3-card-4" required/>
|
|
<label class="w3-label w3-validate">Password</label>
|
|
</div>
|
|
|
|
<input type="submit" name="login" value="login"
|
|
class="w3-padding-16 w3-hover-dark-grey w3-btn-block
|
|
w3-center-align"/>
|
|
<input type="hidden" name="log_in" value="TRUE"/>
|
|
</form>';
|
|
|
|
}
|
|
foreach($errors as $msg)
|
|
echo " - $msg<br />";
|
|
|
|
echo '</div>';
|