PageRenderTime 51ms CodeModel.GetById 17ms RepoModel.GetById 0ms app.codeStats 1ms

/login.php

https://bitbucket.org/jon0/jobislanddev
PHP | 362 lines | 303 code | 29 blank | 30 comment | 63 complexity | 3541bb4aa4402cb426afbdef23593174 MD5 | raw file
    

  1. <?php
    2. 

  2. session_start();
    3. 

  3. 

  4. // Include the config file which connects to database and bbcode array
    5. 

  5. include "./includes/config.php";
    6. 

  6. 

  7. // Checks if there is an existing login cookie
    8. 

  8. // if cookie does not exist, continue
    9. 

  9. // this is specifically needed here because we will be creating a cookie here and also to avoid a possible infinite loop
    10. 

  10. if (isset($_COOKIE['ID_my_site']))
    11. 

  11. {
    12. 

  12.     $username = $_COOKIE['ID_my_site'];
    13. 

  13.     $password = $_COOKIE['Key_my_site'];
    14. 

  14.     $statement = $db->prepare("SELECT * FROM account WHERE username = ?");
    15. 

  15.     $statement->execute(array($username));
    16. 

  16. 

  17.     $info = $statement->fetch();
    18. 

  18.     // if cookie has wrong stored password, expire it and take them back to login page
    19. 

  19.     if ($password != $info['password'])
    20. 

  20.     {
    21. 

  21.         $past = time() - 3600;
    22. 

  22.         //destroy the cookie
    23. 

  23.         setcookie('ID_my_site', '', $past, "/");
    24. 

  24.         setcookie('Key_my_site', '', $past, "/");
    25. 

  25.         unset($_COOKIE['ID_my_site']);
    26. 

  26.         unset($_COOKIE['Key_my_site']);
    27. 

  27.         session_destroy();
    28. 

  28.     }
    29. 

  29.     else
    30. 

  30.         ("Location: index.php");
    31. 

  31. }
    32. 

  32. else
    33. 

  33.     ("Location: index.php");
    34. 

  34. 

  35. // Reset Password
    36. 

  36. if (empty($_GET['action']))
    37. 

  37.     $_GET['action'] = "";
    38. 

  38. 

  39. if (empty($_GET['reset']))
    40. 

  40.     $_GET['reset'] = 0;
    41. 

  41. 

  42. // Reset Form Start
    43. 

  43. if (isset($_POST['submit']) && ($_GET['action'] == "resetpass") && $_POST['question'] && $_POST['answer'] && $_POST['username'])
    44. 

  44. {
    45. 

  45.     // if form has been submitted
    46. 

  46.     // makes sure they filled it in
    47. 

  47.     if(!$_POST['question'] || !$_POST['answer'] || !$_POST['username'])
    48. 

  48.         die('You did not fill in a required field.');
    49. 

  49. 

  50.     // checks it against the database
    51. 

  51.     $check = $db->prepare("SELECT * FROM users u INNER JOIN account a WHERE u.account = a.id AND a.username= ?");
    52. 

  52.     $check->execute(array($_POST['username']));
    53. 

  53. 

  54.     // Gives error if user dosen't exist
    55. 

  55.     $check2 = $check->rowcount();
    56. 

  56.     if ($check2 == 0)
    57. 

  57.         die
    58. 

  58.         ('
    59. 

  59.             That user does not exist in our database.
    60. 

  60.             <a href=registration.php>Click Here to Register</a> or
    61. 

  61.             <a href="login.php?action=resetpass> Click here to try again.</a>
    62. 

  62.         ');
    63. 

    64. 

  64.     $info = $check->fetch();
    65. 

  65.     $_POST['question'] = addslashes($_POST['question']);
    66. 

  66.     $_POST['answer'] = addslashes($_POST['answer']);
    67. 

  67.     //gives error if the question/answer is wrong
    68. 

  68.     if ($_POST['question'] != $info['secQues'])
    69. 

  69.         die
    70. 

  70.         ('
    71. 

  71.             The question does not match the one in the database, please try again.
    72. 

  72.             Click <a href="login.php?action=resetpass">here</a> to go back.
    73. 

  73.         ');
    74. 

    75. 

  75.     else if ($_POST['answer'] != $info['secAns'])
    76. 

  76.     {
    77. 

  77.         die
    78. 

  78.         ('
    79. 

  79.             The answer does not match the one in the database, please try again.
    80. 

  80.             Click <a href="login.php?action=resetpass">here</a> to go back.
    81. 

  81.         ');
    82. 

  82.     }
    83. 

  83.     else
    84. 

  84.     {
    85. 

  85.         $account = $info['id'];
    86. 

  86.         // if everything is ok then we allow to reset password via redirect to new page!
    87. 

  87.         header("Location: login.php?action=resetpass&reset=$account&cond=1");
    88. 

  88.     }
    89. 

  89. 

  90. }
    91. 

  91. else if (isset($_POST['submit']) && ($_GET['action'] == "resetpass") && ($_GET['cond'] == 2))
    92. 

  92. {
    93. 

  93.     // if form has been submitted
    94. 

  94.     // makes sure they filled it in
    95. 

  95.     if(!$_POST['pass'] | !$_POST['pass2'])
    96. 

  96.         die('You did not fill in a required field.');
    97. 

  97. 

  98.     // this makes sure both passwords entered match
    99. 

  99.     if ($_POST['pass'] != $_POST['pass2'])
    100. 

  100.         die('Your passwords did not match. ');
    101. 

  101. 

  102.     // here we encrypt the password and add slashes if needed
    103. 

  103.     if (!get_magic_quotes_gpc())
    104. 

  104.         $_POST['pass'] = addslashes($_POST['pass']);
    105. 

  105. 

  106.     $sha_pass_hash = sha1(strtoupper($_POST['username']) . ":" . strtoupper($_POST['pass']));
    107. 

  107. 

  108.     // now we insert it into the database
    109. 

  109.     $errors = "";
    110. 

  110.     if (!isset($_POST['pass']))
    111. 

  111.         $errors .= "Please provide a password in the first field. <br/>";
    112. 

  112. 

  113.     if (!isset($_POST['pass2']))
    114. 

  114.         $errors .= "Please provide a password in the second field. <br/>";
    115. 

  115. 

  116.     if ($errors == "")
    117. 

  117.     {
    118. 

  118.         $account = $_GET['reset'];
    119. 

  119.         $statement = $db->prepare("UPDATE account a INNER JOIN users u SET a.password= ?, dateReg=NOW() WHERE u.account = a.id AND u.account =  AND a.id = ? AND a.username = ?");
    120. 

  120.         $statement->execute(array($sha_pass_hash, $account, $_POST['username']));
    121. 

  121.         $_GET['reset'] = 2;
    122. 

  122.         header("Location: login.php?action=resetpass&reset=2");
    123. 

  123.     }
    124. 

  124.     else
    125. 

  125.         echo $errors."Please go back and try again.";
    126. 

  126. }
    127. 

  127. // Reset Form End
    128. 

  128. // check if the login form is submitted
    129. 

  129. else if (isset($_POST['submit']))
    130. 

  130. {
    131. 

  131.     //Image Verification Start -- Check if string entered matches the md5 hash by the generated string
    132. 

  132.     $number = $_POST['number'];
    133. 

  133.     if (md5($number) != $_SESSION['image_random_value'])
    134. 

  134.         die ('Validation string not valid! Please try again! Click <a href=login.php>here</a> to go back.');
    135. 

  135.     else
    136. 

  136.     {
    137. 

  137.         // if form has been submitted
    138. 

  138.         // makes sure they filled it in
    139. 

  139.         if (!$_POST['username'] | !$_POST['password'])
    140. 

  140.             die('You did not fill in a required field.');
    141. 

  141. 

  142.         // checks it against the database
    143. 

  143.         $statement = $db->prepare("SELECT * FROM account WHERE username= ?");
    144. 

  144.         $statement->execute(array($_POST['username']));
    145. 

  145. 

  146.         //Gives error if user dosen't exist
    147. 

  147.         $check2 = $statement->rowCount();
    148. 

  148.         if ($check2 == 0)
    149. 

  149.             die('That user does not exist in our database. <a href=registration.php>Click Here to Register</a>');
    150. 

  150. 

  151.         $info = $statement->fetch();
    152. 

  152.         $username = $_POST['username'];
    153. 

  153.         $pass = $_POST['password'];
    154. 

  154.         $password = sha1(strtoupper($username) . ":" . strtoupper($pass));
    155. 

  155. 

  156.         //gives error if the password is wrong
    157. 

  157.         if ($password != $info['password'])
    158. 

  158.             die('Incorrect password, please try again. Click <a href="login.php">here</a> to go back.');
    159. 

  159.         else
    160. 

  160.         {
    161. 

  161.             // if login is ok then we add a cookie, allow it for all subfolders and update online status
    162. 

  162.             $hour = time() + 3600;
    163. 

  163.             setcookie('ID_my_site', $username, $hour, "/");
    164. 

  164.             setcookie('Key_my_site', $password, $hour, "/");
    165. 

  165. 

  166.             $statement = $db->prepare("UPDATE account SET online = 1 WHERE username = ? AND type = 0");
    167. 

  167.             $statement->execute(array($username));
    168. 

  168. 

  169.             $check = $db->prepare("SELECT * FROM account WHERE username= ?");
    170. 

  170.             $check->execute(array($username));
    171. 

  171. 

  172.             $info = $check->fetch();
    173. 

  173.             if ($info['type'] ==  0 || 3)
    174. 

  174.                 //then redirect them to the main page
    175. 

  175.                 header("Location: index.php");
    176. 

  176.             if ($info['type'] == 1)
    177. 

  177.                 header("Location: ./employers/index.php");
    178. 

  178.         }
    179. 

  179. 

  180.    }
    181. 

  181. }
    182. 

  182. ?>
    183. 

  183. <html>
    184. 

  184. <head>
    185. 

  185. <title>
    186. 

  186. Log In to JobIsland
    187. 

  187. </title>
    188. 

  188. <!-- CSS START -->
    189. 

  189.   <link rel="stylesheet" type="text/css" href="./includes/invi.css" media="screen"/>
    190. 

  190. <!-- CSS END -->
    191. 

  191. 

  192. <script language="javascript">
    193. 

  193. <!-- redirect script -->
    194. 

  194. function redirectPage()
    195. 

  195. {
    196. 

  196.     document.location.href= "login.php"
    197. 

  197. }
    198. 

  198. </script>
    199. 

  199. </head>
    200. 

  200. 

  201. <body>
    202. 

  202. <!-- Left and Right Side Backgrounds -->
    203. 

  203. <div class="leftbg">
    204. 

  204. <div class="rightbg">
    205. 

  205. 

  206. <!-- Header Start -->
    207. 

  207. <?php
    208. 

  208.     include "./includes/head.php";
    209. 

  209. ?>
    210. 

  210. <!-- Header End -->
    211. 

  211. 

  212. <!-- Left Side Article Start -->
    213. 

  213. <div id="left">
    214. 

  214. <div class="left_articles">
    215. 

  215. <?php
    216. 

  216. if ($_GET['action'] == "resetpass")
    217. 

  217. {
    218. 

  218.     echo '<center><b><p style="font-size: 16;"><a> Password Reset </a></p></b></center>';
    219. 

  219.     echo '<br><p> Please enter your username along with the secret question and your answer to it.';
    220. 

  220.     echo '<br> Once the question and answer has been verified you will be allowed to reset your password.</p>';
    221. 

  221.     echo '<form method="post" action="login.php?action=resetpass">';
    222. 

  222.     echo '<tr>
    223. 

  223.             <td>
    224. 

  224.                 <p style="font-size: 14;">Your Username:</p>
    225. 

  225.                 </td><td>
    226. 

  226. 

  227.                 <input type="text" name="username" maxlength="60" size="40"/>
    228. 

  228.                 </td></tr><br><br>
    229. 

  229. 

  230.                 <tr><td>
    231. 

  231.                 <p style="font-size: 14;">Your Secret Question:</p>
    232. 

  232.                 </td><td>
    233. 

  233. 

  234.                 <input type="text" name="question" maxlength="60" size="40" />
    235. 

  235.                 </td></tr><br><br>
    236. 

  236. 

  237.                 <tr><td>
    238. 

  238.                 <p style="font-size: 14;">Your Secret Answer:</p>
    239. 

  239.                 </td><td>
    240. 

  240. 

  241.                 <input type="text" name="answer" maxlength="60" size="40" />
    242. 

  242.                 </td></tr><br><br>
    243. 

  243. 

  244.                 <tr><th colspan=2>
    245. 

  245. 

  246.                 <input type="submit" name="submit" value="Reset Password" />
    247. 

  247.                 <input type="button" value="Back" onClick="redirectPage()">
    248. 

  248. 

  249. 		</th></tr>
    250. 

  250. 		</table>
    251. 

  251. 		</form><br>
    252. 

  252.    		';
    253. 

  253. }
    254. 

  254. if (($_GET['action'] == "resetpass") && ($_GET['reset'] == 1) && ($_GET['cond'] == 1))
    255. 

  255. {
    256. 

  256.     $user = $_GET['reset'];
    257. 

  257.     echo '<center><b><p style="font-size: 16;"><a> Password Reset </a></p></b></center>';
    258. 

  258.     echo '<p> Please enter your new password. </p>';
    259. 

  259.     echo '<p> The current password will now be overwritten with the new one.</p><br>';
    260. 

  260.     echo '<form method="post" action="login.php?action=resetpass&reset='.$user.'&cond=2">';
    261. 

  261.     echo '<tr>
    262. 

  262.           <td>
    263. 

  263.           <p style="font-size: 14;">Your New Password:</p>
    264. 

  264.           </td>
    265. 

  265.           <td>
    266. 

  266.           <input type="password" name="pass" maxlength="60" size="40" />
    267. 

  267.           </td>
    268. 

  268.           </tr>
    269. 

  269.           <br><br>
    270. 

  270.           <tr>
    271. 

  271.           <td>
    272. 

  272.           <p style="font-size: 14;">Your New Password Again:</p>
    273. 

  273.           </td>
    274. 

  274.           <td>
    275. 

  275.           <input type="password" name="pass2" maxlength="60" size="40" />
    276. 

  276.           </td>
    277. 

  277.           </tr>
    278. 

  278.           <br><br>
    279. 

  279.           <tr><th colspan=2>
    280. 

  280.           <input type="submit" name="submit" value="Reset Password">
    281. 

  281.           </th></tr>
    282. 

  282.           </table>
    283. 

  283.           </form>
    284. 

  284.           ';
    285. 

  285. }
    286. 

  286. if (($_GET['action'] == "resetpass") && ($_GET['reset'] == 2) && ($_GET['cond'] == 3))
    287. 

  287. {
    288. 

  288.     echo '<center><b><p style="font-size: 16;"><a> Password Reset </a></p></b></center>';
    289. 

  289.     echo '<p>Your password has been successfully changed!</p>';
    290. 

  290.     echo '<p>You may now log in using your new password</p>';
    291. 

  291.     echo '<p> Click <a href="login.php">here</a> to login now!</p></center>';
    292. 

  292.     header("Location: logout.php");
    293. 

  293. }
    294. 

  294. else
    295. 

  295. {
    296. 

  296.     echo '
    297. 

  297.         <b><p style="font-size: medium">So, we\'ve heard you\'re looking for a job?</p></b>
    298. 

  298.         <br>
    299. 

  299.         <p style="font-size: small;">
    300. 

  300.         To get to experience the sunny beaches of Job Island you first need to log in. We don\'t want sharks in our waters so we insist on it.
    301. 

  301.         <br>
    302. 

  302.         We\'re sorry but it is needed. Also cookies? They need to be enabled as well.
    303. 

  303.         <br><br>
    304. 

  304.         What? You don\'t have an account? Then hurry up and register <b><a href="registration.php">here!</a></b>
    305. 

  305.         <br><br></p><br>
    306. 

  306.         <b><p style="font-size: medium">Are you an employer? Don\'t have an account yet? Register <a href="./employers/registration.php">here!</a></p></b>
    307. 

  307.         <p style="font-size: small;">        
    308. 

  308.         Want to affiliate your company with our service? Head on over to the <b><a href="faq.php">FAQ section</a></b> to see how.
    309. 

  309.         </p>';
    310. 

  310. }
    311. 

  311. // Reset Pass End
    312. 

  312. ?>
    313. 

  313. </div>
    314. 

  314. </div>
    315. 

  315. <!-- Left Side Article End -->
    316. 

  316. <!-- Right Side Article Start -->
    317. 

  317. <div id="right">
    318. 

  318. <div class="right_articles">
    319. 

  319. <b><p style="font-size: medium" align="center">Log In</p></b>
    320. 

  320. <!-- 2 ways to pass form, using PHP_SELF or just putting in the location and file name. Both works fine. -->
    321. 

  321. <form action="<?php echo $_SERVER['PHP_SELF']?>" method="post">
    322. 

  322. <table border="0" align="center">
    323. 

  323. <tr>
    324. 

  324.     <td>Username: </td>
    325. 

  325.     <td><input type="text" name="username" maxlength="40"></td>
    326. 

  326. </tr>
    327. 

  327. <tr>
    328. 

  328.     <td>Password: </td>
    329. 

  329.     <td><input type="password" name="password" maxlength="50"></td>
    330. 

  330. </tr>
    331. 

  331. <tr>
    332. 

  332.     <td>Image Verification:</td>
    333. 

  333.     <td><input name='number' type="text" id=\'number\''></td>
    334. 

  334. </tr>
    335. 

  335. <tr>
    336. 

  336.     <td colspan="2" align="center"><img alt=''  src='./includes/random_image.php' /></td>
    337. 

  337. </tr>
    338. 

  338. </table>
    339. 

  339. <p style="font-size: small;" align="center">
    340. 

  340. Please enter the string shown in the image above.
    341. 

  341. </p>
    342. 

  342. <br>
    343. 

  343. <center>
    344. 

  344. <tr><td colspan="2" align="center">
    345. 

  345. <input type="submit" name="submit" value="Login">
    346. 

  346. </td></tr>
    347. 

  347. </center>
    348. 

  348. </form>
    349. 

  349. <p style="font-size: small;" align="center">Forgot your password? Click <b><a href="login.php?action=resetpass">here to retrieve it!</a></b>
    350. 

  350. </div>
    351. 

  351. </div>
    352. 

  352. <!-- Right Side Article End -->
    353. 

  353. 

  354. <!-- Footer Start -->
    355. 

  355. <?php
    356. 

  356.     include './includes/footer.php';
    357. 

  357. ?>
    358. 

  358. <!-- Footer End -->
    359. 

  359. </div>
    360. 

  360. </div>
    361. 

  361. </body>
    362. 

  362. </html>
    363. 

  363.