File: D:/HostingSpaces/SBogers10/verrassendveel.komma.pro/wwwroot/admin/php/login.php
<?php
/*
login.php
Mike Ontwerpt 2012
www.mikeontwerpt.nl
*/
function initLogin(){
    /* Entry point for the admin login page.
     * If the login form was posted (submit_login present) the submission is
     * handled by validateForm(); otherwise the empty form is rendered.
     * Returns the HTML string to print. */
    $wasSubmitted = isset($_POST['submit_login']);
    // Concatenate onto '' so the return value is always a string, even when
    // the handler returns nothing (validateForm() yields null on success).
    return ''.($wasSubmitted ? validateForm() : getForm());
}
function getForm(){
    /* Renders the admin login box and returns it as an HTML string.
     * A pending one-shot feedback message in $_SESSION['feed-msg'] is
     * printed above the form and then cleared so it is not shown twice.
     * Labels come from getLanguage(). */
    $labels = getLanguage();

    // Consume the one-shot feedback message, if any.
    $feedback = '';
    if(isset($_SESSION['feed-msg'])){
        $feedback = $_SESSION['feed-msg'];
        unset($_SESSION['feed-msg']);
    }

    $parts = array(
        '<div id="login-holder">',
        '<div id="login-header">',
        // subtitle
        '<span class="cp-title">'.strtolower($labels['log-title']).'</span>',
        '</div>',
        '<div id="login-content">',
        $feedback,
        // login form (posts back to the current URL)
        '<form action="" method="post">',
        $labels['log-user'].'<br />',
        '<input type="text" name="user" value="" class="txt" />',
        $labels['log-pass'].'<br />',
        '<input type="password" name="pass" value="" class="txt" />',
        '<input type="submit" name="submit_login" value="'.$labels['log-submit'].'" class="btn176 proceed"/>',
        '</form>',
        // NOTE(review): this "stay logged in" checkbox sits outside the <form>,
        // so "autologin" is never submitted. Harmless for now because the
        // autologin branch in validateForm() is not implemented; move it inside
        // the form if that feature is ever enabled.
        '<span class="stay-logged"><input type="checkbox" name="autologin" value="autologin" class="cbox"/>'.$labels['log-staylogged'].'</span>',
        // password reset link
        '<span class="forgot-pass"><a href="./forgot-pass/">'.$labels['log-forgotpass-btn'].'</a></span>',
        '</div>',
        '</div>',
    );

    return implode('', $parts);
}
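function validateForm(){
    /* Handles a posted login form.
     *
     * Reads user/pass from $_POST, looks the user up in shop_admin and
     * verifies the password against the stored hash.
     *
     * Returns the login form HTML (with an error queued in
     * $_SESSION['feed-msg']) when the login fails, or '' when it succeeds.
     * On success $_SESSION['adminstr'] is set to "<id>_<md5(hash)>" — the
     * format other admin pages parse with explode('_', ...) — and a success
     * message is queued for the next page.
     *
     * Uses the global $mysqli connection and getLanguage() for labels. */
    global $mysqli;
    $siteLabels = getLanguage();

    // Only accept scalar strings: user[]=x would otherwise reach hash()/SQL as an array.
    $user = (isset($_POST['user']) && is_string($_POST['user'])) ? $_POST['user'] : '';
    $pass = (isset($_POST['pass']) && is_string($_POST['pass'])) ? $_POST['pass'] : '';
    // Kept for other pages that re-populate the username field.
    $_SESSION['log-input']['user'] = $user;

    #1 both fields are required
    if($user === '' || $pass === ''){
        $_SESSION['feed-msg'] = '<span class="fm-err"><span class="fm-err-x">×</span>'.$siteLabels['fm-emptybothfields'].'</span>';
        return getForm();
    }

    #2 look the user up with a prepared statement.
    //   addslashes() is not a safe SQL escape (multibyte charsets, no quoting
    //   context awareness); bind_param() keeps the value out of the SQL text.
    $stmt = $mysqli->prepare('SELECT id, user, hash FROM shop_admin WHERE user = ?');
    if($stmt === false){
        // Do not leak driver errors to the browser; log and show the form again.
        error_log('login.php: prepare failed: '.$mysqli->error);
        return getForm();
    }
    $stmt->bind_param('s', $user);
    if(!$stmt->execute()){
        error_log('login.php: execute failed: '.$stmt->error);
        $stmt->close();
        return getForm();
    }
    // bind_result() instead of get_result() so no mysqlnd dependency is added.
    $stmt->bind_result($adminId, $dbUser, $storedHash);
    $found = ($stmt->fetch() === true);
    $stmt->close();

    #3 verify the password
    $valid = false;
    $hash  = '';
    if($found){
        $storedHash = (string)$storedHash;
        if(strncmp($storedHash, '$2', 2) === 0){
            // bcrypt hash produced by crypt(), the scheme the original code
            // planned to switch to; crypt() with the stored hash as salt
            // recomputes the comparable value.
            $hash = crypt($pass, $storedHash);
        } else {
            // Legacy rows: unsalted SHA-256 of the password.
            // TODO: migrate to password_hash()/password_verify() and rehash on login.
            $hash = hash('sha256', $pass);
        }
        // hash_equals(): strict and constant-time. The old '==' compared two
        // numeric-looking strings numerically, so hashes like "0e123..." and
        // "0e456..." compared equal.
        $valid = hash_equals($storedHash, $hash);
    }

    if(!$valid){
        // One generic message for "unknown user" and "wrong password" so the
        // login form cannot be used to enumerate valid admin user names.
        $_SESSION['feed-msg'] = '<span class="fm-err"><span class="fm-err-x">×</span>'.$siteLabels['fm-incorrectpass'].'</span>';
        return getForm();
    }

    // Login valid: rotate the session id so a session fixed before login
    // (attacker-known id) does not become an authenticated admin session.
    if(session_id() !== ''){
        session_regenerate_id(true);
    }

    // TODO: "stay logged in"/autologin is not implemented. If it is added, store
    // only a hash of a random token (random_bytes) in the DB — never md5($user) —
    // and verify it with hash_equals(); the checkbox also has to be moved inside
    // the <form> in getForm() before it is ever posted.

    // Admin string other pages rely on: "<id>_<md5(hash)>".
    $_SESSION['adminstr'] = $adminId.'_'.md5($hash);
    // success feedback for the next page
    $_SESSION['feed-msg'] = '<span class="fm-suc fm-global"><span class="fm-suc-v">√</span>'.$siteLabels['fm-loginsucces'].'</span>';
    //header('location: ./ ');
    return '';
}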
?>