File: D:/HostingSpaces/SBogers10/komma-mediadesign.nl/wwwroot/beheer/app/models/m_login.php
<?php

/* 
	Login // model
	
	Handles all tasks regarding the user login

*/

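/**
 * Login model for the admin area.
 *
 * Session layout written by validateLogin() and read by checkLogin():
 *   $_SESSION['admin_string']  "<admin id>_<md5 of the stored password hash>"
 *   $_SESSION['login_time']    Unix timestamp of the successful login
 *   $_SESSION['admin_name']    user name of the logged-in admin
 *
 * NOTE(review): the session string is derived from the stored password hash
 * rather than from a random value. The format is kept so that existing
 * sessions stay valid; a random per-login token would be the stronger design.
 * NOTE(review): no throttling of failed login attempts is visible in this
 * class - confirm that it is handled by the caller.
 */
class Login
{
	/** Number of seconds after login_time at which a login counts as expired. */
	private const SESSION_LIFETIME = 6000;

	private $_mysqli, $_template;
	
	/**
	* Picks up the database connection and template object from the global scope.
	*
	* @access public
	*/
	public function __construct()
	{
		global $mysqli, $template;
		$this->_mysqli = $mysqli;
		$this->_template = $template;
	}

	/**
	* Checks whether a user is logged in using a session string.
	*
	* The session string is compared against every row of mo_admin. A login
	* older than SESSION_LIFETIME seconds, or one without a login_time, is
	* treated as expired: the login data is removed from the session and a
	* warning alert is set.
	*
	* @access public
	* @return boolean TRUE when the session string matches an admin row
	*/
	public function checkLogin()
	{
		if( ! isset($_SESSION['admin_string']) || ! is_string($_SESSION['admin_string']))
		{
			return FALSE;
		}

		// A missing login_time counts as expired instead of raising a notice.
		$loginTime = isset($_SESSION['login_time']) ? (int) $_SESSION['login_time'] : 0;
		if(time() - $loginTime >= self::SESSION_LIFETIME)
		{
			$this->_clearSession();
			$this->_template->setAlert('Uw loginsessie is verlopen, voert u opnieuw uw gegevens in','warning');
			return FALSE;
		}

		$valid = FALSE;
		if($result = $this->_mysqli->query('SELECT id, hash FROM mo_admin'))
		{
			while($row = $result->fetch_assoc())
			{
				$expected = $row['id'].'_'.md5((string) $row['hash']);
				// hash_equals() is a strict, constant-time string comparison.
				if(hash_equals($expected, $_SESSION['admin_string']))
				{
					$valid = TRUE;
					break;
				}
			}
			$result->free();
		}
		return $valid;
	}
	
	/**
	* Returns a TRUE/FALSE depending on whether a user enters the right username and password.
	*
	* On success the login data is stored in the session and, when a session
	* is active, the session id is regenerated so that an id issued before
	* authentication is not carried into the authenticated session.
	*
	* @access public 
	* @param string $user user name as entered
	* @param string $pass password as entered
	* @return boolean
	*/
	public function validateLogin($user, $pass)
	{
		// Non-string input (e.g. an array from the request) is handled like an empty field.
		if( ! is_string($user) || ! is_string($pass) || empty($user) || empty($pass))
		{
			$this->_template->setAlert('U dient beide velden in te vullen.','warning');
			return FALSE;
		}

		$st = $this->_mysqli->prepare('SELECT id, user, hash FROM mo_admin WHERE user = ?');
		if( ! $st)
		{
			$this->_template->setAlert('Er is een fout opgetreden, probeert u het opnieuw.','error');
			return FALSE;
		}

		$st->bind_param('s',$user);
		if( ! $st->execute())
		{
			// A failed query is reported as an error, not as a wrong password.
			$st->close();
			$this->_template->setAlert('Er is een fout opgetreden, probeert u het opnieuw.','error');
			return FALSE;
		}
		$st->store_result();

		$userId = $userName = $userHash = NULL;
		$st->bind_result($userId, $userName, $userHash);
		$st->fetch();
		$found = $st->num_rows > 0;
		$st->close();

		// password_verify() accepts crypt()-format hashes and compares in
		// constant time; it replaces the former crypt() + "==" comparison.
		if($found && is_string($userHash) && password_verify($pass, $userHash))
		{
			if(session_status() === PHP_SESSION_ACTIVE && ! headers_sent())
			{
				session_regenerate_id(TRUE);
			}
			$_SESSION['admin_string'] = $userId.'_'.md5($userHash);
			$_SESSION['login_time'] = time();
			$_SESSION['admin_name'] = $userName;
			$this->_template->setAlert('Uw bent succesvol ingelogd');
			return TRUE;
		}

		// Same message for an unknown user and a wrong password.
		$this->_template->setAlert('Uw gebruikersnaam of wachtwoord is incorrect.','error');
		return FALSE;
	}

	/**
	* Removes the login data from the session and redirects to the login page.
	*
	* @access public
	* @return null
	*/
	public function logOut()
	{
		$this->_clearSession();
		$this->_template->setAlert('Uw bent succesvol uitgelogd');
		$this->_template->redirect(SITE_ROOT);
	}

	/**
	* Removes every session key written by validateLogin().
	*
	* @access private
	* @return null
	*/
	private function _clearSession()
	{
		unset($_SESSION['admin_string'], $_SESSION['login_time'], $_SESSION['admin_name']);
	}
}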