@cxdy
Last active August 29, 2015 14:05
My login function
<?php
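/**
 * Authenticate a member by e-mail and password and populate the session.
 *
 * Looks the member up in `members`, refuses the login when checkbrute()
 * reports the account as locked, and on a password mismatch records a row
 * in `login_attempts`. On success it writes `user_id`, `username` and
 * `login_string` into $_SESSION.
 *
 * NOTE(review): the stored credential is a single salted SHA-512, which is a
 * fast hash. password_hash()/password_verify() is the recommended scheme, but
 * switching requires migrating the stored values, so the existing scheme is
 * kept here.
 * NOTE(review): this function does not rotate the session id; confirm the
 * caller calls session_regenerate_id(true) around a successful login.
 *
 * @param string $email    E-mail address identifying the account.
 * @param string $password Plain-text password supplied by the user.
 * @param mysqli $mysqli   Open database connection.
 *
 * @return bool True when the credentials match and the session was populated,
 *              false otherwise (unknown user, locked account, wrong password,
 *              or the lookup statement could not be prepared).
 */
function login($email, $password, $mysqli)
{
    $stmt = $mysqli->prepare(
        "SELECT id, username, password, salt
FROM members
WHERE email = ?
LIMIT 1"
    );
    if (!$stmt) {
        // Previously this path fell off the end and returned null.
        return false;
    }

    $stmt->bind_param('s', $email);
    $stmt->execute();
    $stmt->store_result();
    $stmt->bind_result($user_id, $username, $db_password, $salt);
    $stmt->fetch();

    // Hash before looking at num_rows, as the original did, so the hashing
    // work is done whether or not the account exists.
    $password = hash('sha512', $password . $salt);

    if ($stmt->num_rows != 1) {
        // No such user.
        return false;
    }

    // checkbrute() is defined elsewhere in the project; it was previously
    // invoked through an undefined variable ($checkbrute), which cannot work.
    if (checkbrute($user_id, $mysqli)) {
        // Account locked after too many failed attempts.
        return false;
    }

    // Constant-time comparison; `==` on hex digests is both timing-sensitive
    // and subject to PHP's numeric-string juggling ("0e..." values).
    if (hash_equals((string) $db_password, $password)) {
        // The server key is HTTP_USER_AGENT; the header is client-controlled
        // and may be absent, so fall back to an empty string.
        $user_browser = isset($_SERVER['HTTP_USER_AGENT'])
            ? $_SERVER['HTTP_USER_AGENT']
            : '';

        // Strip anything unexpected before the values are stored in the
        // session, where they may later be echoed back.
        $user_id = preg_replace("/[^0-9]+/", "", $user_id);
        $_SESSION['user_id'] = $user_id;
        $username = preg_replace("/[^a-zA-Z0-9_\-]+/", "", $username);
        $_SESSION['username'] = $username;
        $_SESSION['login_string'] = hash('sha512', $password . $user_browser);

        return true;
    }

    // Wrong password: record the attempt with a prepared statement, in line
    // with the lookup above, instead of interpolating values into the SQL.
    $now = time();
    $attempt = $mysqli->prepare(
        "INSERT INTO login_attempts(user_id, time) VALUES (?, ?)"
    );
    if ($attempt) {
        $attempt->bind_param('ss', $user_id, $now);
        $attempt->execute();
    }

    return false;
}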
?>