My login function
<?php | |
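/**
 * Authenticate a member by e-mail and password and populate the session.
 *
 * Looks the account up in `members`, refuses the attempt when checkbrute()
 * reports the account as locked, compares the salted SHA-512 digest of the
 * supplied password with the stored one, and on success writes `user_id`,
 * `username` and `login_string` into $_SESSION. A wrong password is recorded
 * in `login_attempts`.
 *
 * NOTE(review): a single round of salted SHA-512 is fast to brute-force
 * offline if the table leaks. Moving to password_hash()/password_verify()
 * needs the stored credentials to be re-hashed, so it is not changed here.
 * NOTE(review): nothing here rotates the session id; the caller should call
 * session_regenerate_id(true) after a successful login to prevent session
 * fixation, unless the session bootstrap already does so.
 *
 * @param string $email    E-mail address identifying the account.
 * @param string $password Password as submitted by the user.
 * @param mysqli $mysqli   Open database connection.
 * @return bool True on successful login, false otherwise (unknown account,
 *              locked account, wrong password, or a failed query).
 */
function login($email, $password, $mysqli) {
    // Prepared statement keeps the e-mail out of the SQL text.
    $stmt = $mysqli->prepare("SELECT id, username, password, salt
        FROM members
        WHERE email = ?
        LIMIT 1");
    if (!$stmt) {
        // The original fell off the end and returned null here; fail closed.
        return false;
    }

    $stmt->bind_param('s', $email);
    $stmt->execute();
    $stmt->store_result();
    $stmt->bind_result($user_id, $username, $db_password, $salt);
    $stmt->fetch();
    $account_found = ($stmt->num_rows == 1);
    $stmt->close();

    if (!$account_found) {
        // No user exists for this e-mail.
        return false;
    }

    // The original invoked `$checkbrute(...)`, i.e. an undefined variable used
    // as a function name, which is a fatal error. checkbrute() is not defined in
    // this file; presumably a sibling helper that returns true when the
    // account is locked after too many failures (confirm against its source).
    if (checkbrute($user_id, $mysqli) == true) {
        // Account disabled.
        return false;
    }

    // Hash only once the account is known to exist, so $salt is populated.
    $password = hash('sha512', $password . $salt);

    // hash_equals() compares in constant time and never type-juggles, unlike
    // `==`, which treats digests such as "0e123..." as equal numbers.
    if (hash_equals((string) $db_password, $password)) {
        // The request header is exposed as HTTP_USER_AGENT; the original key
        // 'USER_HTTP_AGENT' does not exist, so the value was always empty.
        $user_browser = isset($_SERVER['HTTP_USER_AGENT']) ? $_SERVER['HTTP_USER_AGENT'] : '';

        // Strip anything unexpected before the values reach the session.
        $user_id = preg_replace("/[^0-9]+/", "", $user_id);
        $_SESSION['user_id'] = $user_id;
        $username = preg_replace("/[^a-zA-Z0-9_\-]+/", "", $username);
        $_SESSION['username'] = $username;

        // Binds the session to the password digest and the client's user agent.
        $_SESSION['login_string'] = hash('sha512', $password . $user_browser);
        return true;
    }

    // Incorrect password: record the failure with a parameterized statement
    // instead of interpolating values into the SQL string.
    $now = (string) time();
    $attempt = $mysqli->prepare("INSERT INTO login_attempts(user_id, time) VALUES (?, ?)");
    if ($attempt) {
        $attempt->bind_param('is', $user_id, $now);
        $attempt->execute();
        $attempt->close();
    }
    return false;
}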
?> |