/common.php

 1<?php
 2$starttime = microtime(true);
 3session_start();
 4include 'config.php';
 5
 6$ERRORS = null;
 7
 8include 'functions.php';
 9
10// Check login status
11if (filter_input(INPUT_GET, 'logout')) {
12    unset($_SESSION['username']);
13    unset($_SESSION['password']);
14    unset($_SESSION['logged_in']);
15    session_unset();
16    header('Location: index.php');
17    die();
18}
19if (filter_input(INPUT_POST, 'username') && filter_input(INPUT_POST, 'password')) {
20    $username = filter_input(INPUT_POST, 'username');
21    $password = hash('sha256', filter_input(INPUT_POST, 'password').$config['hashsalt']);
22} else if (isset($_SESSION['username']) && isset($_SESSION['password'])) {
23    $username = $_SESSION['username'];
24    $password = $_SESSION['password'];
25}
26if (isset($username) && isset($password)) {
27    $username_esc = $mysqli->real_escape_string($username);
28    $password_esc = $mysqli->real_escape_string($password);
29    $result = $mysqli->query("SELECT * FROM users WHERE users_name = '" . $username_esc . "' AND users_password = '" . $password_esc . "';");
30    if ($result->num_rows == 1) {
31        $row = $result->fetch_array();
32        $id = $mysqli->real_escape_string($row['users_id']);
33        $time = $mysqli->real_escape_string(time());
34        $mysqli->query("UPDATE users SET users_last_login = " . $time ." WHERE users_id = " . $id);
35        $_SESSION['user_id'] = $id;
36        if ($row['users_activated'] == 0) {
37            $_SESSION['activated'] = false;
38        }
39        $_SESSION['username'] = $row['users_name'];
40        $_SESSION['password'] = $password;
41        $_SESSION['logged_in'] = true;
42        $_SESSION['access_level'] = $row['users_level'];
43    } else {
44        global $ERRORS;
45        $ERRORS['login'] = 1;
46    }
47}
48
49 ?>