/common.php

https://gitlab.com/weedzcokie/phpforum · PHP · 49 lines · 44 code · 4 blank · 1 comment · 13 complexity · 3df0387c625ef501eb5a02293bd050d8 MD5 · raw file

  1. <?php
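  // Request start timestamp (float seconds); not read again in this file.
  $starttime = microtime(true);
  // Harden the session before it starts: strict mode makes PHP refuse session
  // IDs it did not issue itself, and HttpOnly keeps the session cookie out of
  // reach of page scripts.
  // NOTE(review): session.cookie_secure is left alone because this file does
  // not show whether the site is served over HTTPS only - enable it if so.
  ini_set('session.use_strict_mode', '1');
  ini_set('session.cookie_httponly', '1');
  session_start();
  // require instead of include: the login code further down uses $config and
  // $mysqli, which are presumably defined by these files. If either file is
  // missing the request must stop here rather than continue half-configured.
  require 'config.php';
  // Login failures are recorded under $ERRORS['login'] later in this file.
  $ERRORS = null;
  require 'functions.php';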
  7. // Check login status
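  // Logout: any truthy ?logout=... value ends the session and redirects to the
  // index page.
  // NOTE(review): logout is a state change driven by a GET parameter with no
  // anti-CSRF token, so a third-party page can sign a user out. Consider
  // requiring a POST request that carries a per-session token.
  if (filter_input(INPUT_GET, 'logout')) {
      // Drop every session variable, including the cached username and
      // password hash, instead of naming individual keys.
      $_SESSION = [];
      // Expire the session cookie in the browser so the old ID is not sent again.
      if (ini_get('session.use_cookies')) {
          $cookie = session_get_cookie_params();
          setcookie(
              session_name(),
              '',
              time() - 42000,
              $cookie['path'],
              $cookie['domain'],
              $cookie['secure'],
              $cookie['httponly']
          );
      }
      // Delete the server-side session record; session_unset() alone only
      // emptied it and left the session ID valid.
      session_destroy();
      header('Location: index.php');
      die();
  }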
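  // Choose the credentials to verify: a submitted login form takes precedence
  // over the username / password hash cached in the session by an earlier
  // successful login. The session pair is re-checked against the database on
  // every request that includes this file.
  $from_login_form = false;
  if (filter_input(INPUT_POST, 'username') && filter_input(INPUT_POST, 'password')) {
      $username = filter_input(INPUT_POST, 'username');
      // NOTE(security): a single SHA-256 pass with one site-wide salt is a
      // fast hash and cheap to brute-force if the users table leaks.
      // password_hash() / password_verify() is the right primitive, but
      // switching requires migrating the stored users_password values, so the
      // scheme is left unchanged here. The hash is also cached in the session
      // and accepted as the credential on later requests.
      $password = hash('sha256', filter_input(INPUT_POST, 'password').$config['hashsalt']);
      $from_login_form = true;
  } else if (isset($_SESSION['username']) && isset($_SESSION['password'])) {
      $username = $_SESSION['username'];
      $password = $_SESSION['password'];
  }
  if (isset($username) && isset($password)) {
      // Both values sit inside quotes in the query, so escaping protects them.
      // NOTE(review): real_escape_string() escapes according to the connection
      // character set - confirm config.php sets it with $mysqli->set_charset().
      // A prepared statement would remove that dependency; it is not used here
      // because it can change the types of the fetched $row values.
      $username_esc = $mysqli->real_escape_string($username);
      $password_esc = $mysqli->real_escape_string($password);
      $result = $mysqli->query("SELECT * FROM users WHERE users_name = '" . $username_esc . "' AND users_password = '" . $password_esc . "';");
      // query() can return false on failure; treat that as a failed login
      // instead of dereferencing a non-object.
      if ($result !== false && $result->num_rows == 1) {
          $row = $result->fetch_array();
          if ($from_login_form) {
              // New login: issue a fresh session ID so an ID planted before
              // authentication cannot be reused (session fixation).
              session_regenerate_id(true);
          }
          $id = $mysqli->real_escape_string($row['users_id']);
          $time = (string) time();
          // Both values are unquoted in this statement, where string escaping
          // gives no protection, so they are forced to integers.
          $mysqli->query("UPDATE users SET users_last_login = " . (int) $time . " WHERE users_id = " . (int) $id);
          $_SESSION['user_id'] = $id;
          // NOTE(review): this flag is only ever set to false here and is never
          // reset once the account is activated - confirm another page does so.
          if ($row['users_activated'] == 0) {
              $_SESSION['activated'] = false;
          }
          $_SESSION['username'] = $row['users_name'];
          $_SESSION['password'] = $password;
          $_SESSION['logged_in'] = true;
          $_SESSION['access_level'] = $row['users_level'];
      } else {
          if (!$from_login_form) {
              // The credentials cached in the session no longer match a user
              // row (password changed, account removed, or the query failed):
              // revoke the login instead of leaving logged_in set to true.
              unset(
                  $_SESSION['logged_in'],
                  $_SESSION['user_id'],
                  $_SESSION['access_level'],
                  $_SESSION['username'],
                  $_SESSION['password'],
                  $_SESSION['activated']
              );
          }
          // Matters when this file is included from inside a function.
          global $ERRORS;
          $ERRORS['login'] = 1;
      }
  }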
  45. ?>