Thread: account-login
View Single Post
  #1  
Old 14th June 2018, 03:28
BamBam0077 BamBam0077 is offline
Banned
 
Join Date: Jul 2013
P2P
Posts: 410
Default account-login
hey guys I am just fiddling with code with a helping hand from https://www.w3schools.com/php/php_form_validation.asp


here is what I got so far ( not tested yet )
Code:
 <?php
//
//  TorrentTrader v2.x
//      $LastChangedDate: 2012-09-19 19:13:35 +0100 (Wed, 19 Sep 2012) $
//      $LastChangedBy: torrenttrader $
//
//      http://www.torrenttrader.org
//
//
require_once("backend/functions.php");
dbconn();



 function spesh_input($data) {
 $data = trim($data);
 $data = stripslashes($data);
 $data = htmlspecialchars($data);
 return $data;
}

if($_SERVER["REQUEST_METHOD"] == "POST") {
 $username = spesh_input($_POST["username"]);
 $password = spesh_input($_POST["password"]);
}

$password = passhash($password);

if(!empty($username) && !epmty($password)) {
    
$res = mysqli_query("SELECT id,password,secret,status,enabled
                     FROM users
                     WHERE username=".mysqli_real_escape_string($username)."") or mysqli_error(__FILE__,__LINE__);
$row = mysqli_fetch_assoc($res);

if(!$row || $row["password"] != $password){
  $message = T_("LOGIN_INCORRECT");    
} elseif($row["status"] == "pending"){
  $message = T_("ACCOUNT_PENDING");  
} elseif($row["enabled"]) == "no"){
    $message = T_("ACCOUNT_DISABLED");
} else {
 $message = T_("NO_EMPTY_FIELDS");     
}

if(!$message) {
logincookie($row["id"},$row["password"],$row["secret"]);    
 if(!empty($_POST["returnto"])){
   header("Refresh:0;url=".$_POST["returnto"]);
   die();   
 } else {
  header("Refresh:0;url=index.php");
  die();  
 }     
} else {
  show_error_msg(T_("ACCESS_DENIED"), $message, 1);
 }
}
logoutcookie();
Reply With Quote