The script is just to log a user in so they can access a control panel for the site.
It's pretty self-explanatory, I think, but if not, you can ask about anything (not that I thought you wouldn't).
Little comments are better than no comments.
Thanks in advance. (I hope)
<?php
// Counter for the number of unsuccessful logins; the call is currently disabled.
//loginLimit();
// Load the MySQL helper file and run loginSql(). That helper is not shown here;
// it is presumably what fills the "connection" and "result" globals read below
// (confirm against /srv/www/mysql.php).
// NOTE(review): the mysql_* functions used throughout this script were removed
// in PHP 7.0; mysqli or PDO with prepared statements is the supported path.
include '/srv/www/mysql.php';
loginSql();
$connection = $GLOBALS['connection'];
$result = $GLOBALS['result'];
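// Remember-me auto-login: when all three cookies are present, look them up in
// the `login` table. On a match, open the "CP" session and redirect to the
// control panel; otherwise drop the cookies and redirect to the login page.
//
// NOTE(review): the "password" cookie carries the stored password hash, so the
// cookie is as good as the password to anyone who obtains it. A random,
// server-side, revocable remember-me token would remove that exposure; it
// needs a schema change and is not done here.
if (isset($_COOKIE["username"], $_COOKIE["password"], $_COOKIE["group"]))
{
    $user = $_COOKIE["username"];
    $pass = $_COOKIE["password"];
    $group = $_COOKIE["group"];
    $cookieLoginOk = false;

    // Cookies are client-controlled and may arrive as arrays (username[]=x);
    // only plain strings are looked up.
    if (is_string($user) && is_string($pass) && is_string($group))
    {
        // Every value is escaped before it reaches the query (the original
        // interpolated the raw cookies, which allowed SQL injection).
        // mysql_real_escape_string() relies on the connection character set
        // being set correctly -- confirm in loginSql().
        // The debug print of the SQL was removed: it disclosed the query and,
        // unless output buffering is on, broke the header() redirects below.
        $checkSql = "SELECT * FROM `login` WHERE user='"
            . mysql_real_escape_string($user, $connection)
            . "' AND `password`='"
            . mysql_real_escape_string($pass, $connection)
            . "' AND `group`='"
            . mysql_real_escape_string($group, $connection)
            . "'";
        $checkResult = mysql_query($checkSql, $connection);

        // mysql_query() returns a result resource for every SELECT that runs,
        // including one that matches no rows, so "== TRUE" accepted any cookie
        // values. The login is valid only if exactly one row matched.
        $cookieLoginOk = ($checkResult !== false && mysql_num_rows($checkResult) === 1);
    }

    if ($cookieLoginOk)
    {
        session_name("CP");
        session_start();
        // New session id on login so a pre-set (fixated) id is not promoted
        // to an authenticated session.
        session_regenerate_id(true);
        $_SESSION['user'] = $user;
        $_SESSION['pass'] = $pass;
        $_SESSION['group'] = $group;
        session_write_close();
        writeLog();
        header('Location: CPanel.php');
        exit();
    }
    else
    {
        // Expire the rejected cookies; otherwise every later request,
        // including a normal form login, would be bounced here again.
        foreach (array("username", "password", "group") as $cookieName)
        {
            setcookie($cookieName, "", time() - 3600);
        }
        header('Location: index.php');
        exit();
    }
}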
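// Form login: make sure a username and a password were submitted, then hand
// over to checkLogin(). A missing field is logged, counted as a failed try and
// redirected to index.php with a flag saying what was missing:
//   nUoP = neither username nor password, nU = no username, nP = no password.
//
// NOTE(review): $_REQUEST merges GET and POST (and cookies, depending on
// request_order), so credentials may arrive in the URL and end up in server
// logs. Reading $_POST only would be stricter if the form posts -- confirm
// against index.php.
//
// A field counts as present only if it is a non-empty string. The original
// compared with == "", which raised a notice for a missing key and let an
// array value (username[]=x) through to checkLogin().
$hasUser = isset($_REQUEST["username"]) && is_string($_REQUEST["username"]) && $_REQUEST["username"] !== "";
$hasPass = isset($_REQUEST["password"]) && is_string($_REQUEST["password"]) && $_REQUEST["password"] !== "";

if ($hasUser && $hasPass)
{
    checkLogin();
}
else
{
    writeLog();
    loginLimit();
    if (!$hasUser && !$hasPass)
    {
        $missingFlag = 'nUoP';
    }
    else if (!$hasUser)
    {
        $missingFlag = 'nU';
    }
    else
    {
        $missingFlag = 'nP';
    }
    header('Location: index.php?' . $missingFlag . '=1');
    // Stop after the redirect, as the remember-me branch does.
    exit();
}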
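// Checks the submitted username and password against the rows of the global
// $result set, read as: column 0 = user, 1 = password hash, 2 = group.
// On success it opens the "CP" session, optionally sets the remember-me
// cookies, logs the attempt and redirects to CPanel.php. On failure it logs
// the attempt, bumps the tries counter and redirects to index.php with
// iP=1 (known user, wrong password) or iU=1 (unknown user).
//
// NOTE(review): passwords are stored as unsalted MD5, which is fast to brute
// force offline. password_hash()/password_verify() (PHP 5.5+) with a rehash on
// next login is the usual migration; it needs the stored hashes to change and
// is not done here.
// NOTE(review): the distinct iP/iU answers tell a caller whether a username
// exists. A single generic failure flag would avoid that; it is kept because
// index.php presumably reads both flags.
function checkLogin()
{
    global $result;

    $user = isset($_REQUEST["username"]) ? $_REQUEST["username"] : "";
    $password = isset($_REQUEST["password"]) ? $_REQUEST["password"] : "";
    $matchedUser = false;

    // Array-valued parameters (username[]=x) can never match an account.
    if (is_string($user) && is_string($password))
    {
        $hash = md5($password);
        while ($login = mysql_fetch_row($result))
        {
            // Strict comparison: with == two numeric-looking strings such as
            // "1e3" and "1000" compare equal.
            if ($user !== $login[0])
            {
                continue;
            }
            $matchedUser = true;

            // Strict comparison here as well: with == two different hashes of
            // the form "0e<digits>" are both read as the number 0 and match.
            if ($hash !== (string) $login[1])
            {
                continue;
            }

            session_name("CP");
            session_start();
            // New session id on login so a pre-set (fixated) id is not
            // promoted to an authenticated session.
            session_regenerate_id(true);
            $_SESSION['user'] = $user;
            $_SESSION['pass'] = $login[1];
            $_SESSION['group'] = $login[2];
            session_write_close();

            if (isset($_POST["remember"]) && $_POST["remember"] === "YES")
            {
                // NOTE(review): these cookies hold the password hash and the
                // group for 100 days, so the cookie is password-equivalent; a
                // random server-side token would be safer. HttpOnly (last
                // argument) at least keeps page scripts from reading them. The
                // Secure flag should also be set if the site is HTTPS-only.
                $expires = time() + 60 * 60 * 24 * 100;
                setcookie("username", $user, $expires, "", "", false, true);
                setcookie("password", $login[1], $expires, "", "", false, true);
                setcookie("group", $login[2], $expires, "", "", false, true);
            }

            writeLog();
            header('Location: CPanel.php');
            // Stop here; the original kept looping over the remaining rows.
            exit();
        }
    }

    // No row gave a full match. This is decided after the loop so an empty
    // user table also produces a redirect (the original sent nothing then).
    writeLog();
    loginLimit();
    header('Location: index.php?' . ($matchedUser ? 'iP' : 'iU') . '=1');
    exit();
}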
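// Records a login attempt in the `login log` table: the submitted username,
// a formatted timestamp and the client address.
//
// The username comes straight from the request, so it is escaped before being
// placed in the INSERT (the original interpolated it raw, which allowed SQL
// injection from an unauthenticated request).
// mysql_real_escape_string() relies on the connection character set being set
// correctly -- confirm where the connection is opened.
// NOTE(review): the logged username is still untrusted text; whatever page
// displays this log must HTML-escape it on output.
function writeLog()
{
    $connection = $GLOBALS["connection"];

    // A missing or array-valued username is logged as an empty string.
    $user = "";
    if (isset($_REQUEST["username"]) && is_string($_REQUEST["username"]))
    {
        $user = $_REQUEST["username"];
    }

    $date = date("l dS \of F Y h:i:s A");
    $ip = isset($_SERVER['REMOTE_ADDR']) ? $_SERVER['REMOTE_ADDR'] : "";

    $sql = "INSERT INTO `login log` VALUES ('"
        . mysql_real_escape_string($user, $connection) . "', '"
        . mysql_real_escape_string($date, $connection) . "', '"
        . mysql_real_escape_string($ip, $connection) . "')";
    mysql_query($sql, $connection);
}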
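// Increments the failed-login counter kept in the "tries" cookie (lifetime
// 500 seconds), starting at 1 when there is no previous value.
//
// NOTE(review): this counter lives in the browser, so the client can reset or
// omit it at will, and nothing in the visible code reads it to refuse a login.
// It cannot act as a brute-force limit; that needs server-side state keyed on
// the account and/or client address.
function loginLimit()
{
    // The cookie is read first: with request_order = "GP" (the php.ini
    // default) cookies are not part of $_REQUEST, so the original lookup never
    // saw the value it had set. $_REQUEST stays as a fallback.
    $previous = null;
    if (isset($_COOKIE["tries"]))
    {
        $previous = $_COOKIE["tries"];
    }
    else if (isset($_REQUEST["tries"]))
    {
        $previous = $_REQUEST["tries"];
    }

    // Force an integer: ++ on an arbitrary string does alphanumeric increment
    // ("a" -> "b") and fails on an array. Negative values are clamped to zero.
    $tries = is_scalar($previous) ? max(0, (int) $previous) : 0;
    $tries++;

    setcookie("tries", $tries, time() + 500);
}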
?>