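query('SELECT * FROM users');
    // NOTE(review): the line above is the tail of a statement, and everything down to the first
    // "} else if" is the body of an `if` branch whose opening is not part of this excerpt.
    // Judging by the cookie branch below, the result is presumably assigned to $DatabaseQuery
    // and $Database comes from createTables($sqlDB) — confirm against the full file.

    // Runs one single-column UPDATE with bound parameters. The SQL text is always one of the
    // fixed literals passed below; the stored value and the row id travel as parameters, so a
    // quote inside a stored value cannot change the statement. getIPAddress() and getUserAgent()
    // are defined elsewhere; if they pass request headers through unescaped, the previous
    // string-built UPDATEs were injectable. Assumes $Database is an SQLite3 handle (the code
    // already relies on its query()/exec()/fetchArray() API).
    $updateUserField = function ($sql, $value, $rowId) use ($Database) {
        $stmt = $Database->prepare($sql);
        if ($stmt === false) {
            return; // best effort, like the exec() calls this replaces
        }
        $stmt->bindValue(':value', $value);
        $stmt->bindValue(':id', $rowId);
        $stmt->execute();
    };

    // Request parameters can arrive as arrays (username[]=...); anything that is not a string
    // is treated as empty and therefore never matches.
    // NOTE(review): both values are HTML-escaped before comparison, as in the original. This
    // only works if account creation escaped them the same way before hashing — confirm.
    $requestUsername = isset($_REQUEST['username']) && is_string($_REQUEST['username'])
        ? htmlspecialchars($_REQUEST['username'])
        : '';
    $requestPassword = isset($_REQUEST['password']) && is_string($_REQUEST['password'])
        ? htmlspecialchars($_REQUEST['password'])
        : '';

    while ($line = $DatabaseQuery->fetchArray()) {
        // Strict comparison: with == two different numeric-looking strings ("1e3" / "1000")
        // compare equal.
        if ($requestUsername !== ''
            && (string) $line['username'] === $requestUsername
            && password_verify($requestPassword, (string) $line['password'])) {
            $Username = $line['username'];
            $Password = $line['password'];
            $Key = $line['key'];
            $id = $line['id'];

            // update last usage
            if ($storeLastUsage || $storeLastUsage == "true") {
                $lastUsed = date($dateFormat);
                $updateUserField('UPDATE users SET lastused = :value WHERE id = :id', $lastUsed, $id);
            }

            // update IP address
            if ($storeIP || $storeIP == "true") {
                $ip = getIPAddress();
                $updateUserField('UPDATE users SET ip = :value WHERE id = :id', $ip, $id);
            }

            // update user agent
            if ($storeAgent || $storeAgent == "true") {
                $userAgent = getUserAgent();
                $updateUserField('UPDATE users SET useragent = :value WHERE id = :id', $userAgent, $id);
            }

            // First login: issue the long-lived cookie key. rand() is not a cryptographic
            // generator and has a small output space, so the key is now drawn from the
            // CSPRNG; the format stays 64 hex characters, as sha256 produced before.
            if ($line['key'] === null || $line['key'] === '') {
                $Key = bin2hex(random_bytes(32));
                $updateUserField('UPDATE users SET key = :value WHERE id = :id', $Key, $id);
            }

            $Authorized = 1;
            $userType = $line['usertype'];
            break;
        }
    }

    if ($Authorized != 1) {
        // NOTE(review): $Redirect is set outside this excerpt and is placed in the Location
        // header as-is; confirm it is URL-encoded and restricted to local paths where it is read.
        if ($Redirect != "") {
            // just so we can try again and still be redirected to the right place
            header("Location: login.php?e=true&redir=$Redirect");
        } else {
            header("Location: login.php?e=true");
        }
        die();
    }

    // Give the authenticated session a fresh id so an id planted before login is useless.
    if (session_status() === PHP_SESSION_ACTIVE) {
        session_regenerate_id(true);
    }

    $_SESSION['type'] = $userType;
    $_SESSION['username'] = $Username;
    // NOTE(review): this keeps the stored password hash in the session. Left in place because
    // other pages may read it; consider dropping it once those readers are checked.
    $_SESSION['password'] = $Password;

    // The key cookie is a bearer credential: keep it away from page scripts (HttpOnly) and,
    // when this request itself arrived over HTTPS, off plain-HTTP connections (Secure).
    // NOTE(review): the key never rotates or expires server-side and the cookies last
    // 900 days — consider a per-device token with an expiry.
    $isHttps = !empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] !== 'off';
    setcookie('username', $Username, time() + ((86400 * 30) * 30), "/", "", $isHttps, true);
    setcookie('key', $Key, time() + ((86400 * 30) * 30), "/", "", $isHttps, true);

    // NOTE(review): a successful login is sent to the same login.php?e=true URL as a failed
    // one (unchanged from the original); this looks copy-pasted — confirm the intended target.
    if ($Redirect != "") {
        // just so we can try again and still be redirected to the right place
        header("Location: login.php?e=true&redir=$Redirect");
    } else {
        header("Location: login.php?e=true");
    }
    die();
} else if (isset($_COOKIE['username']) && isset($_COOKIE['key'])) {
    // Cookie ("remember me") login: the username/key pair must match one row of users.
    $Database = createTables($sqlDB);
    $DatabaseQuery = $Database->query('SELECT * FROM users');

    // Same bound-parameter UPDATE helper as in the password branch; see the comment there.
    $updateUserField = function ($sql, $value, $rowId) use ($Database) {
        $stmt = $Database->prepare($sql);
        if ($stmt === false) {
            return; // best effort, like the exec() calls this replaces
        }
        $stmt->bindValue(':value', $value);
        $stmt->bindValue(':id', $rowId);
        $stmt->execute();
    };

    // Cookies can be arrays too (key[]=...); non-strings are treated as empty.
    $cookieUsername = is_string($_COOKIE['username']) ? htmlspecialchars($_COOKIE['username']) : '';
    $cookieKey = is_string($_COOKIE['key']) ? htmlspecialchars($_COOKIE['key']) : '';

    while ($line = $DatabaseQuery->fetchArray()) {
        $storedKey = (string) $line['key'];

        // An account that has never logged in has an empty key (the password branch only
        // fills it on first login). The previous == test let an empty key cookie match such
        // a row, so empty values are rejected outright. hash_equals() keeps the comparison
        // constant-time and free of == type juggling.
        if ($cookieUsername !== ''
            && $cookieKey !== ''
            && $storedKey !== ''
            && (string) $line['username'] === $cookieUsername
            && hash_equals($storedKey, $cookieKey)) {
            $Username = $line['username'];
            $Password = $line['password'];
            $Key = $line['key'];
            $id = $line['id'];

            // update last usage
            if ($storeLastUsage || $storeLastUsage == "true") {
                $lastUsed = date($dateFormat);
                $updateUserField('UPDATE users SET lastused = :value WHERE id = :id', $lastUsed, $id);
            }

            // update IP address
            if ($storeIP || $storeIP == "true") {
                $ip = getIPAddress();
                $updateUserField('UPDATE users SET ip = :value WHERE id = :id', $ip, $id);
            }

            // update user agent
            if ($storeAgent || $storeAgent == "true") {
                $userAgent = getUserAgent();
                $updateUserField('UPDATE users SET useragent = :value WHERE id = :id', $userAgent, $id);
            }

            $Authorized = 1;
            $userType = $line['usertype'];
            break;
        }
    }

    // Check the result before touching the session: the original wrote $_SESSION first,
    // using variables that are undefined when no row matched.
    if ($Authorized != 1) {
        // NOTE(review): the rejected cookies are not cleared here, so the browser will
        // presumably send them again after the redirect — confirm this cannot loop.
        if ($Redirect != "") {
            // just so we can try again and still be redirected to the right place
            header("Location: login.php?e=true&redir=$Redirect");
        } else {
            header("Location: login.php?e=true");
        }
        die();
    }

    // Give the authenticated session a fresh id so an id planted before login is useless.
    if (session_status() === PHP_SESSION_ACTIVE) {
        session_regenerate_id(true);
    }

    $_SESSION['type'] = $userType;
    $_SESSION['username'] = $Username;
    // NOTE(review): stores the password hash in the session, as the password branch does.
    $_SESSION['password'] = $Password;

    header("Location: /");
    die();
} else {
    // No credentials and no cookies: render the login form.
    // NOTE(review): the HTML inside the string literals below did not survive on this page,
    // so the literals are reproduced exactly as they appear. If the lost markup writes
    // $Redirect into the form, that value must go through htmlspecialchars() — this cannot
    // be checked from here.
    $html = "";
    $html = printHeader($html, 0);
    $html .= "\t\t\t

Login

\n";
    $html .= "\t\t\t\t

Enter your username and password to continue.

\n";
    $html .= "\t\t\t\t
\n";
    $html .= "\t\t\t\t\t\n";
    $html .= "\t\t\t\t\t\n";
    if (isset($Redirect)) {
        $html .= "\t\t\t\t\t\n";
    }
    $html .= "\t\t\t\t\t\n";
    $html .= "\t\t\t\t\t

\n";
    $html .= "\t\t\t\t\t
\n";
    $html .= "\t\t\t\t
\n";

    // e=true marks a failed attempt: drop whatever session state exists and say so, without
    // revealing whether the username or the password was wrong.
    if (isset($_REQUEST['e']) && $_REQUEST['e'] === "true") {
        session_unset();
        session_destroy();
        $html .= "\t\t\t\t

Invalid username or password.

\n";
    }

    $html = printFooter($html);
    print $html;
}
?>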