/login.php
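<?php
session_start();

// Pulls in the database handle ($db) and the bbcode array.
include "./includes/config.php";

// Validate any existing login cookie before the forms below are handled.
// A cookie that does not match the stored account record is expired and the
// session is dropped, so a stale or forged cookie does not linger.
if (isset($_COOKIE['ID_my_site']))
{
    // Cookie values are client-controlled and PHP can deliver them as arrays;
    // anything that is not a plain string is treated as empty.
    $username = is_string($_COOKIE['ID_my_site']) ? $_COOKIE['ID_my_site'] : '';
    $password = (isset($_COOKIE['Key_my_site']) && is_string($_COOKIE['Key_my_site']))
        ? $_COOKIE['Key_my_site']
        : '';

    $statement = $db->prepare("SELECT * FROM account WHERE username = ?");
    $statement->execute(array($username));
    $info = $statement->fetch();

    // fetch() yields false for an unknown username. The previous loose "!=" test
    // then compared the cookie against null, which an empty Key_my_site value
    // satisfied. hash_equals() is an exact, timing-safe comparison and also
    // rules out numeric-string matches between two different hashes.
    $cookieIsValid = is_array($info)
        && isset($info['password'])
        && $password !== ''
        && hash_equals((string) $info['password'], $password);

    if (!$cookieIsValid)
    {
        // Expire both cookies on the same path they were issued for.
        $past = time() - 3600;
        setcookie('ID_my_site', '', $past, "/");
        setcookie('Key_my_site', '', $past, "/");
        unset($_COOKIE['ID_my_site']);
        unset($_COOKIE['Key_my_site']);
        session_destroy();
    }
    // NOTE(review): the original "else" branches here (valid cookie, and no
    // cookie at all) evaluated the bare string "Location: index.php" without
    // calling header(), so this check has never redirected. That behaviour is
    // kept: a visitor with a valid cookie still sees the login form. Confirm
    // whether a redirect was intended for the valid-cookie case only.
}

// Defaults for the query-string switches read further down, so that a plain
// request to login.php does not touch undefined keys.
if (empty($_GET['action']))
    $_GET['action'] = "";
if (empty($_GET['reset']))
    $_GET['reset'] = 0;
if (empty($_GET['cond']))
    $_GET['cond'] = 0;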
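// Reset Form Start
// Request values are read defensively: PHP can deliver a parameter as an array,
// and a missing key would otherwise raise a warning.
$postString = function ($key) {
    return (isset($_POST[$key]) && is_string($_POST[$key])) ? $_POST[$key] : '';
};
$action = (isset($_GET['action']) && is_string($_GET['action'])) ? $_GET['action'] : '';
$cond = (isset($_GET['cond']) && is_scalar($_GET['cond'])) ? (int) $_GET['cond'] : 0;
$isResetSubmit = isset($_POST['submit']) && $action === 'resetpass';

// Stage 1 of the password reset: check the secret question and answer.
if ($isResetSubmit && $cond !== 2)
{
    $username = $postString('username');
    $question = $postString('question');
    $answer = $postString('answer');

    // Previously an incomplete reset form fell through to the login branch and
    // was answered with the captcha error; it now gets the intended message.
    if ($username === '' || $question === '' || $answer === '')
        die('You did not fill in a required field.');

    // checks it against the database
    $check = $db->prepare("SELECT * FROM users u INNER JOIN account a WHERE u.account = a.id AND a.username= ?");
    $check->execute(array($username));

    // fetch() returning false is the reliable "no such user" signal;
    // rowCount() is not guaranteed for SELECT statements on every PDO driver.
    $info = $check->fetch();
    if ($info === false)
        die
        ('
        That user does not exist in our database.
        <a href=registration.php>Click Here to Register</a> or
        <a href="login.php?action=resetpass"> Click here to try again.</a>
        ');

    // NOTE(review): addslashes() is kept because the stored question/answer may
    // have been written with the same escaping at registration - confirm
    // against registration.php before removing it.
    $question = addslashes($question);
    $answer = addslashes($answer);

    // NOTE(review): the separate "user does not exist", wrong-question and
    // wrong-answer messages reveal which usernames exist, and nothing here
    // limits repeated guesses. Wording is unchanged; consider one generic
    // failure message plus attempt throttling.
    if ($question !== (string) $info['secQues'])
        die
        ('
        The question does not match the one in the database, please try again.
        Click <a href="login.php?action=resetpass">here</a> to go back.
        ');

    // Exact, timing-safe comparison of the secret answer.
    if (!hash_equals((string) $info['secAns'], $answer))
        die
        ('
        The answer does not match the one in the database, please try again.
        Click <a href="login.php?action=resetpass">here</a> to go back.
        ');

    // NOTE(review): SELECT * over the join returns an "id" column from both
    // tables; this is presumably account.id - confirm, or select it explicitly.
    $account = (int) $info['id'];

    // Record server-side which account passed verification. Stage 2 trusts only
    // this marker, never the account id or username supplied by the client.
    // The cookie check at the top of the file may have destroyed the session.
    if (session_status() !== PHP_SESSION_ACTIVE)
        session_start();
    $_SESSION['reset_account'] = $account;
    $_SESSION['reset_username'] = $username;

    // if everything is ok then we allow to reset password via redirect to new page!
    header("Location: login.php?action=resetpass&reset=$account&cond=1");
    exit;
}
// Stage 2 of the password reset: store the new password.
else if ($isResetSubmit)
{
    $pass = $postString('pass');
    $pass2 = $postString('pass2');

    // makes sure they filled it in
    if ($pass === '' || $pass2 === '')
        die('You did not fill in a required field.');
    // this makes sure both passwords entered match (strict, so numeric-looking
    // strings such as "1e3" and "1000" are not treated as equal)
    if ($pass !== $pass2)
        die('Your passwords did not match. ');

    // Only the account verified in stage 1 of this session may be changed.
    // Without this check any visitor could post a new password for any account id.
    $account = (isset($_GET['reset']) && is_scalar($_GET['reset'])) ? (int) $_GET['reset'] : 0;
    $verifiedAccount = isset($_SESSION['reset_account']) ? (int) $_SESSION['reset_account'] : 0;
    $verifiedUser = (isset($_SESSION['reset_username']) && is_string($_SESSION['reset_username']))
        ? $_SESSION['reset_username']
        : '';
    if ($account <= 0 || $account !== $verifiedAccount || $verifiedUser === '')
        die('Please answer your secret question before choosing a new password. Click <a href="login.php?action=resetpass">here</a> to go back.');

    // The password is hashed exactly as the login branch hashes it. The former
    // get_magic_quotes_gpc()/addslashes() step is gone: that function no longer
    // exists in PHP 8, and escaping before hashing produced a hash the login
    // check could never match for passwords containing quotes.
    // NOTE(review): unsalted SHA-1 over upper-cased input makes passwords
    // case-insensitive and cheap to brute-force. Moving to password_hash() /
    // password_verify() needs a migration of the stored hashes, so the format
    // is left as it is here.
    $sha_pass_hash = sha1(strtoupper($verifiedUser) . ":" . strtoupper($pass));

    // The original statement contained a stray "u.account = AND" and could not
    // be prepared; the three placeholders match the three bound values.
    $statement = $db->prepare("UPDATE account a INNER JOIN users u SET a.password= ?, dateReg=NOW() WHERE u.account = a.id AND a.id = ? AND a.username = ?");
    $statement->execute(array($sha_pass_hash, $account, $verifiedUser));

    // The verification marker is single-use.
    unset($_SESSION['reset_account'], $_SESSION['reset_username']);

    // cond=3 is what the confirmation branch further down the page tests for.
    header("Location: login.php?action=resetpass&reset=2&cond=3");
    exit;
}
// Reset Form End
// check if the login form is submitted
else if (isset($_POST['submit']))
{
    // Image Verification -- the session holds the md5 of the string shown in the image.
    // NOTE(review): the stored value is not cleared after use, so one solved
    // image stays valid for further attempts in the same session - confirm that
    // random_image.php issues a fresh value on every request before clearing it here.
    $number = $postString('number');
    $expected = (isset($_SESSION['image_random_value']) && is_string($_SESSION['image_random_value']))
        ? $_SESSION['image_random_value']
        : '';
    if ($expected === '' || !hash_equals($expected, md5($number)))
        die ('Validation string not valid! Please try again! Click <a href=login.php>here</a> to go back.');

    // makes sure they filled it in
    $username = $postString('username');
    $pass = $postString('password');
    if ($username === '' || $pass === '')
        die('You did not fill in a required field.');

    // checks it against the database
    $statement = $db->prepare("SELECT * FROM account WHERE username= ?");
    $statement->execute(array($username));
    $info = $statement->fetch();

    // Gives error if user doesn't exist
    if ($info === false)
        die('That user does not exist in our database. <a href=registration.php>Click Here to Register</a>');

    $password = sha1(strtoupper($username) . ":" . strtoupper($pass));

    // gives error if the password is wrong (exact, timing-safe comparison)
    if (!hash_equals((string) $info['password'], $password))
        die('Incorrect password, please try again. Click <a href="login.php">here</a> to go back.');

    // if login is ok then we add a cookie, allow it for all subfolders and update online status
    // HttpOnly keeps the cookies away from page scripts; Secure is set whenever
    // the request itself arrived over HTTPS.
    // NOTE(review): Key_my_site carries the stored password hash, so the cookie
    // is a reusable credential for as long as the password is unchanged. A
    // random server-side session token would avoid that, but needs matching
    // changes in every page that reads this cookie.
    $hour = time() + 3600;
    $secure = !empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] !== 'off';
    setcookie('ID_my_site', $username, $hour, "/", "", $secure, true);
    setcookie('Key_my_site', $password, $hour, "/", "", $secure, true);

    $statement = $db->prepare("UPDATE account SET online = 1 WHERE username = ? AND type = 0");
    $statement->execute(array($username));

    // The old test "type == 0 || 3" was always true, so every account type was
    // sent to index.php and type 1 was then overridden to the employers area.
    // The same outcome is written out explicitly, and the script stops after
    // the redirect instead of rendering the login page behind it.
    if ((int) $info['type'] === 1)
        header("Location: ./employers/index.php");
    else
        header("Location: index.php");
    exit;
}
?>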
- <html>
- <head>
- <title>
- Log In to JobIsland
- </title>
- <!-- CSS START -->
- <link rel="stylesheet" type="text/css" href="./includes/invi.css" media="screen"/>
- <!-- CSS END -->
- <script language="javascript">
- <!-- redirect script -->
// Returns the browser to the plain login page; the reset form's "Back" button calls this.
function redirectPage() {
    var loginUrl = "login.php";
    document.location.href = loginUrl;
}
- </script>
- </head>
- <body>
- <!-- Left and Right Side Backgrounds -->
- <div class="leftbg">
- <div class="rightbg">
- <!-- Header Start -->
<?php include "./includes/head.php"; /* header fragment, emitted between the Header Start/End markers */ ?>
- <!-- Header End -->
- <!-- Left Side Article Start -->
- <div id="left">
- <div class="left_articles">
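<?php
// Query-string switches for the password-reset screens. They are normalised
// once: a missing key no longer raises a warning, and the account id is forced
// to an integer before it is written into markup.
$resetAction = (isset($_GET['action']) && is_string($_GET['action'])) ? $_GET['action'] : '';
$resetAccount = (isset($_GET['reset']) && is_scalar($_GET['reset'])) ? (int) $_GET['reset'] : 0;
$resetStage = (isset($_GET['cond']) && is_scalar($_GET['cond'])) ? (int) $_GET['cond'] : 0;

// NOTE(review): the three checks below are independent, as in the original, so
// the question/answer form is also rendered during the later stages and the
// welcome text appears on every screen except the confirmation. Confirm
// whether the stages were meant to be mutually exclusive.

// Stage 1 screen: username, secret question and answer.
if ($resetAction === "resetpass")
{
    echo '<center><b><p style="font-size: 16;"><a> Password Reset </a></p></b></center>';
    echo '<br><p> Please enter your username along with the secret question and your answer to it.';
    echo '<br> Once the question and answer has been verified you will be allowed to reset your password.</p>';
    echo '<form method="post" action="login.php?action=resetpass">';
    echo '<tr>
<td>
<p style="font-size: 14;">Your Username:</p>
</td><td>
<input type="text" name="username" maxlength="60" size="40"/>
</td></tr><br><br>
<tr><td>
<p style="font-size: 14;">Your Secret Question:</p>
</td><td>
<input type="text" name="question" maxlength="60" size="40" />
</td></tr><br><br>
<tr><td>
<p style="font-size: 14;">Your Secret Answer:</p>
</td><td>
<input type="text" name="answer" maxlength="60" size="40" />
</td></tr><br><br>
<tr><th colspan=2>
<input type="submit" name="submit" value="Reset Password" />
<input type="button" value="Back" onClick="redirectPage()">
</th></tr>
</table>
</form><br>
';
}

// Stage 2 screen: new password form. "reset" carries the account id handed over
// by the stage 1 redirect, so any positive id is accepted; the old "== 1" test
// only ever showed this form for account 1.
if (($resetAction === "resetpass") && ($resetAccount > 0) && ($resetStage === 1))
{
    echo '<center><b><p style="font-size: 16;"><a> Password Reset </a></p></b></center>';
    echo '<p> Please enter your new password. </p>';
    echo '<p> The current password will now be overwritten with the new one.</p><br>';
    // $resetAccount is an integer here. The raw query-string value used to be
    // echoed into this attribute, where a loosely-compared string could carry markup.
    echo '<form method="post" action="login.php?action=resetpass&reset='.$resetAccount.'&cond=2">';
    echo '<tr>
<td>
<p style="font-size: 14;">Your New Password:</p>
</td>
<td>
<input type="password" name="pass" maxlength="60" size="40" />
</td>
</tr>
<br><br>
<tr>
<td>
<p style="font-size: 14;">Your New Password Again:</p>
</td>
<td>
<input type="password" name="pass2" maxlength="60" size="40" />
</td>
</tr>
<br><br>
<tr><th colspan=2>
<input type="submit" name="submit" value="Reset Password">
</th></tr>
</table>
</form>
';
}

// Confirmation screen after a successful reset.
if (($resetAction === "resetpass") && ($resetAccount === 2) && ($resetStage === 3))
{
    echo '<center><b><p style="font-size: 16;"><a> Password Reset </a></p></b></center>';
    echo '<p>Your password has been successfully changed!</p>';
    echo '<p>You may now log in using your new password</p>';
    echo '<p> Click <a href="login.php">here</a> to login now!</p></center>';
    // Output has normally started by this point, so the redirect can only be
    // sent when output buffering is holding it back; otherwise it is skipped
    // rather than raising a "headers already sent" warning into the page.
    if (!headers_sent())
        header("Location: logout.php");
}
else
{
    echo '
<b><p style="font-size: medium">So, we\'ve heard you\'re looking for a job?</p></b>
<br>
<p style="font-size: small;">
To get to experience the sunny beaches of Job Island you first need to log in. We don\'t want sharks in our waters so we insist on it.
<br>
We\'re sorry but it is needed. Also cookies? They need to be enabled as well.
<br><br>
What? You don\'t have an account? Then hurry up and register <b><a href="registration.php">here!</a></b>
<br><br></p><br>
<b><p style="font-size: medium">Are you an employer? Don\'t have an account yet? Register <a href="./employers/registration.php">here!</a></p></b>
<p style="font-size: small;">
Want to affiliate your company with our service? Head on over to the <b><a href="faq.php">FAQ section</a></b> to see how.
</p>';
}
// Reset Pass End
?>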
- </div>
- </div>
- <!-- Left Side Article End -->
- <!-- Right Side Article Start -->
- <div id="right">
- <div class="right_articles">
- <b><p style="font-size: medium" align="center">Log In</p></b>
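<!-- The form posts back to this script. PHP_SELF mirrors the requested path, so it is HTML-escaped before being written into the action attribute. -->
<form action="<?php echo htmlspecialchars($_SERVER['PHP_SELF'], ENT_QUOTES, 'UTF-8'); ?>" method="post">
    <table border="0" align="center">
        <tr>
            <td>Username: </td>
            <td><input type="text" name="username" maxlength="40"></td>
        </tr>
        <tr>
            <td>Password: </td>
            <td><input type="password" name="password" maxlength="50"></td>
        </tr>
        <tr>
            <td>Image Verification:</td>
            <!-- The id attribute was malformed (stray backslashes and quotes); it is now a plain quoted value. -->
            <td><input name="number" type="text" id="number"></td>
        </tr>
        <tr>
            <td colspan="2" align="center"><img alt='' src='./includes/random_image.php' /></td>
        </tr>
    </table>
    <p style="font-size: small;" align="center">
        Please enter the string shown in the image above.
    </p>
    <br>
    <center>
        <tr><td colspan="2" align="center">
            <input type="submit" name="submit" value="Login">
        </td></tr>
    </center>
</form>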
- <p style="font-size: small;" align="center">Forgot your password? Click <b><a href="login.php?action=resetpass">here to retrieve it!</a></b>
- </div>
- </div>
- <!-- Right Side Article End -->
- <!-- Footer Start -->
<?php include './includes/footer.php'; /* footer fragment, emitted between the Footer Start/End markers */ ?>
- <!-- Footer End -->
- </div>
- </div>
- </body>
- </html>