صفحهٔ اصلی گشت‌و‌گذار راهنما
ثبت نام ورود
Tankernn
/
tankernn-eu
1
0
انشعاب 0
پرونده‌ها مشکلات 0 درخواست واکشی 0 ویکی
درخت: 8e4d2c45b6
شاخه‌ها تگ‌ها
tankernn-eu
/
login
/
check_login.php

check_login.php 1.7 KB
تاريخچه خام

12345678910111213141516171819202122232425262728293031323334353637383940414243 
  1. <?php
    2. 

  2. 	require "app.php";
    3. 

  3. 	if (isset($_POST['user'])) {
    4. 

  4. 		$username = $_POST['user'];
    5. 

  5. 		$query = $conn->query("SELECT * FROM Users WHERE User='$username'") or header("Location: ../?wronglogin");
    6. 

  6. 		$row = $query->fetch_array();
    7. 

  7. 		if (password_verify($_POST['pass'], $row['Password'])) {
    8. 

  8. 			if (empty($row['Email'])) { // Unconfirmed E-mail
    9. 

  9. 				$mess = new Message("You have not confirmed your e-mail address yet. Please do so before logging in.", "warning");
    10. 

  10. 				queue_message($mess);
    11. 

  11. 			} else {
    12. 

  12. 				$ips = json_decode($row['Addresses'], true);
    13. 

  13. 				if (in_array($_SERVER["REMOTE_ADDR"], $ips)) {
    14. 

  14. 					// Everything is fine, log in
    15. 

  15. 					$_SESSION['user'] = $row['User'];
    16. 

  16. 					$_SESSION['permissions'] = $row['Permissions'];
    17. 

  17. 					$_SESSION['userid'] = $row['UID'];
    18. 

  18. 					queue_message(new Message("Successfully logged in.", "success"));
    19. 

  19. 				} else { // New IP
    20. 

  20. 					$mess = new_activation($username, "Addresses", $_SERVER["REMOTE_ADDR"]);
    21. 

  21. 					queue_message($mess);
    22. 

  22. 				}
    23. 

  23. 			}
    24. 

  24. 		} else { // Password incorrect
    25. 

  25. 			$message = "Someone has failed to login to your account on " . Config::$sitename . ". They were using the password: " . htmlspecialchars($_POST['pass'] . "Their IP: " . $_SERVER['REMOTE_ADDR']);
    26. 

  26. 			mail($row['Email'], "Failed login attempt", $message);
    27. 

  27. 			queue_message(new Message("Incorrect password, the account owner has been notified.", "danger"));
    28. 

  28. 		}
    29. 

  29. 		if (isset($_POST['redirect'])) {
    30. 

  30. 			$redirect = $_POST['redirect'];
    31. 

  31. 			if (preg_match("/^https?:\/\/(\w*\.)?tankernn\.eu/i", $redirect) === 1 or preg_match("/^\.?\.?\//i", $redirect) === 1) {
    32. 

  32. 				header("Location: $redirect");
    33. 

  33. 			}
    34. 

  34. 			echo "Invalid redirect URL: " . htmlspecialchars($redirect);
    35. 

  35. 		} else {
    36. 

  36. 			echo "Successfully logged in.";
    37. 

  37. 		}
    38. 

  38. 	}
    39. 

  39. 	else {
    40. 

  40. 		echo "No login data present.";
    41. 

  41. 	}
    42. 

  42. 

  43. ?>
    44.