ImageDatabase/code/login.php

53 lines
2.3 KiB
PHP
Raw Normal View History

2013-06-02 16:33:42 -05:00
<?
//
// Copyright (c) 2013 Mr. Gecko's Media (James Coleman). http://mrgeckosmedia.com/
//
// Permission to use, copy, modify, and/or distribute this software for any purpose
// with or without fee is hereby granted, provided that the above copyright notice
// and this permission notice appear in all copies.
//
// THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES WITH
// REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND
// FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT,
// OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE,
// DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS
// ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
//
$error = "";
if (isset($_REQUEST['login'])) {
$email = (isset($_REQUEST['email']) ? trim($_REQUEST['email']) : "");
$password = (isset($_REQUEST['password']) ? trim($_REQUEST['password']) : "");
$result = databaseQuery("SELECT * FROM users WHERE email=%s AND level!=0", $email);
$user = databaseFetchAssoc($result);
if ($user==NULL) {
$error = "Invalid login credentials.";
} else {
$salt = substr($user['password'], 0, 12);
$epassword = $salt.hash("sha512", $salt.hash("sha512", $password));
if ($epassword!=$user['password']) {
$error = "Invalid login credentials.";
} else {
databaseQuery("UPDATE users SET time=%d WHERE email=%s", $_MGM['time'], $email);
setcookie("{$_MGM['CookiePrefix']}user_email", $email, $_MGM['time']+31536000, $_MGM['CookiePath'], $_MGM['CookieDomain']);
setcookie("{$_MGM['CookiePrefix']}user_password", hash("sha512", $epassword.$_MGM['time']), $_MGM['time']+31536000, $_MGM['CookiePath'], $_MGM['CookieDomain']);
header("location: ".generateURL());
exit();
}
}
}
require_once("header.php");
if (!empty($error)) {
?><div style="color: #ff0000; font-weight: bold;"><?=$error?></div><?
}
?>
<form action="<?=generateURL("login")?>" method="POST">
<input type="hidden" name="login" value="true" />
<input type="text" placeholder="Email" name="email" /><br />
<input type="password" placeholder="Password" name="password" /><br />
<input type="submit" value="Login" class="btn" />
</form>
<?
require_once("footer.php");
exit();
?>