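<?php
/**
 * Login endpoint.
 *
 * Checks the POSTed username/password against the `members` table, marks the
 * session as logged in, makes sure the account has a 64-character token in
 * `members.oauth`, and hands that token back in a `token` cookie. Every exit
 * path answers through printJson().
 *
 * Relies on $conn, query(), disconnect() and printJson(), presumably provided
 * by the two files required below.
 */
require("./../mysql_handler.php");
require("./../json.php");

session_start();

/* Read the credentials without touching array keys that may be absent */
$username = isset($_POST["username"]) ? $_POST["username"] : null;
$password = isset($_POST["password"]) ? $_POST["password"] : null;

/* Reject missing values and non-strings (a field sent as "username[]" arrives
   as an array and must not reach the string functions below) */
if (!is_string($username) || !is_string($password)) {
    disconnect();

    printJson(false, "Username or password aren't set.", null);
    exit();
}

/* NOTE(review): the query below compares the submitted password directly with
   the stored column, so passwords appear to be kept unhashed. Store them with
   password_hash() and check them with password_verify() instead. A single
   SHA-256 pass with a fixed prefix (as an earlier commented-out line here did)
   is not a substitute: it is fast to brute-force and the salt is shared. */

/* NOTE(review): stripslashes() changes any credential that contains a
   backslash. It is kept because existing accounts may have been created
   through the same transformation - confirm before removing it. */
$username = stripslashes($username);
$password = stripslashes($password);

/* Escape for use inside the quoted SQL literals below. This is only reliable
   when the connection charset was set with mysqli_set_charset() - confirm in
   mysql_handler.php. Prepared statements are the safer choice if query() can
   be extended to accept bound parameters. */
$username = mysqli_real_escape_string($conn, $username);
$password = mysqli_real_escape_string($conn, $password);

/* Check if the values are correct */
$sql = "SELECT * FROM members WHERE username='" . $username . "' and password='" . $password . "'";
$data = query($sql);

// TODO - Implement rate limiting.

/* Invalid login; a query that produced no result object is handled the same way */
if (!$data || (int) $data->num_rows !== 1) {
    disconnect();

    $_SESSION["loggedIn"] = false;

    printJson(false, "Incorrect username or password", null);
    exit();
}

/* Exactly one row matched: take the stored token straight from it instead of
   querying the same row again */
$row = $data->fetch_assoc();
$token = $row["oauth"];

/* Valid login */
/* Issue a fresh session id so an id that was planted or observed before
   authentication does not become a logged-in session (session fixation) */
session_regenerate_id(true);

// YOU NEED TO CHANGE THESE SESSION VARIABLES
/* NOTE(review): $username is the SQL-escaped form at this point, so that is
   what ends up in the session. */
$_SESSION["username"] = $username;
$_SESSION["loggedIn"] = true;

/* Make a new token if none of the expected length (64 hex characters) is stored */
if (!is_string($token) || strlen($token) !== 64) {
    $token = bin2hex(openssl_random_pseudo_bytes(32));

    /* $token is hex only, so it is safe inside the quoted literal */
    $sql = "UPDATE members SET oauth='$token' WHERE username='$username'";
    query($sql);

    /* Read the value back so the cookie carries exactly what the database kept */
    $sql = "SELECT oauth FROM members WHERE username='$username'";
    $data = query($sql);

    while ($row = $data->fetch_assoc()) {
        $token = $row["oauth"];
    }
}

disconnect();

/* NOTE(review): the cookie lives for one year, is sent without the Secure,
   HttpOnly or SameSite attributes, and the token is reused across logins.
   Add those attributes (HttpOnly only if no client script reads the cookie)
   and consider rotating the token on each login. */
setcookie("token", $token, time() + 31536000, '/');
printJson(true, "Successfully logged in.", null);

exit();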