GRMrGecko
/
ImageDatabase
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity
An PHP based Image Database
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
6 Commits
1 Branch
0 Tags
340 KiB
Tree: c94bdc878f
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from 'c94bdc878f'
${ noResults }
ImageDatabase/code/login.php

52 lines
2.3 KiB
Raw Normal View History

Image Database Start
11 years ago
Added new password system to strengthen passwords against brute force attacks.
11 years ago
Image Database Start
11 years ago
  1. <?
  2. //
  3. // Copyright (c) 2013 Mr. Gecko's Media (James Coleman). http://mrgeckosmedia.com/
  4. //
  5. // Permission to use, copy, modify, and/or distribute this software for any purpose
  6. // with or without fee is hereby granted, provided that the above copyright notice
  7. // and this permission notice appear in all copies.
  8. //
  9. // THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES WITH
  10. // REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND
  11. // FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT,
  12. // OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE,
  13. // DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS
  14. // ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
  15. //
  16. $error = "";
  17. if (isset($_REQUEST['login'])) {
  18. $email = (isset($_REQUEST['email']) ? trim($_REQUEST['email']) : "");
  19. $password = (isset($_REQUEST['password']) ? trim($_REQUEST['password']) : "");
  21. $result = databaseQuery("SELECT * FROM users WHERE email=%s AND level!=0", $email);
  22. $user = databaseFetchAssoc($result);
  23. if ($user==NULL) {
  24. $error = "Invalid login credentials.";
  25. } else {
  26. $salt = substr($user['password'], 0, 12);
  27. $epassword = $salt.hashPassword($password,hex2bin($salt));
  28. if ($epassword!=$user['password']) {
  29. $error = "Invalid login credentials.";
  30. } else {
  31. databaseQuery("UPDATE users SET time=%d WHERE email=%s", $_MGM['time'], $email);
  32. setcookie("{$_MGM['CookiePrefix']}user_email", $email, $_MGM['time']+31536000, $_MGM['CookiePath'], $_MGM['CookieDomain']);
  33. setcookie("{$_MGM['CookiePrefix']}user_password", hash("sha512", $epassword.$_MGM['time']), $_MGM['time']+31536000, $_MGM['CookiePath'], $_MGM['CookieDomain']);
  34. header("location: ".generateURL());
  35. exit();
  36. }
  37. }
  38. }
  39. require_once("header.php");
  40. if (!empty($error)) {
  41. ?><div style="color: #ff0000; font-weight: bold;"><?=$error?></div><?
  42. }
  43. ?>
  44. <form action="<?=generateURL("login")?>" method="POST">
  45. <input type="hidden" name="login" value="true" />
  46. <input type="text" placeholder="Email" name="email" /><br />
  47. <input type="password" placeholder="Password" name="password" /><br />
  48. <input type="submit" value="Login" class="btn" />
  49. </form>
  50. <?
  51. require_once("footer.php");
  52. exit();
  53. ?>