
CS479/579 - Web Programming II

Displaying ./code/Sessions/login.php

<?php
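// Fail closed: require (unlike include) halts the script when a file cannot be
// loaded, so the login handler below never runs with only a warning and
// without the database handle or the Auth class.
// NOTE(review): $myconn is presumably defined by config.php and Auth by auth.php; confirm.
require "config.php";
require "auth.php";
// Message shown above the form after a failed attempt; null means nothing to show.
$error = null;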

// function createSID()
// {
//   // 6 bits worth of character data:
//   $cookie_chars = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789-@";
//
//   $len = strlen($cookie_chars)-1;
//   $sid = "";
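//   // Loop to generate 21 characters of 6 bits each (126 bits of output).
//   // Note: rand() is not a cryptographically secure generator, so the
//   // identifier is more predictable than 126 bits suggests; random_int()
//   // or random_bytes() is the appropriate source for session IDs.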
//   for ($i = 0; $i < 21; $i++)
//     $sid .= $cookie_chars[rand(0, $len)];
//
//   return $sid;
// }
//
// function newsession($username, $stayloggedin)
// {
//   global $myconn;
//
//   // You can use: 2147483647 for the end of time (sometime in 2038):
//   $expire = $stayloggedin? time() + 60*60*24*365 : 0;
//
//   setcookie("MY_SESSION", $sid = createSID(), $expire);
//   $stmt = $myconn->prepare("insert into session (sid, username, ipaddr, expire) values (?, ?, ?, ?)");
//   $addr = $_SERVER['REMOTE_ADDR'];
//   $stmt->bind_param("sssi",$sid, $username, $addr, $expire);
//   $stmt->execute();
//   $stmt->close();
// }

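// Login handler: verifies the posted credentials against the stored crypt()
// hash and, on success, starts a session via Auth::newsession() and redirects.
$auth = new Auth();

if (isset($_POST['username'])) {
  $username = $_POST['username'];
  // Missing fields are treated as empty instead of raising undefined-index notices.
  $password = isset($_POST['password']) ? $_POST['password'] : '';
  // An unchecked checkbox is simply absent from the POST body.
  $stayloggedin = isset($_POST['stayloggedin']) && $_POST['stayloggedin'] === "on";

  $pwhash = null;
  // Array-valued parameters (username[]=...) are rejected before they reach the query.
  if (is_string($username) && is_string($password)) {
    $stmt = $myconn->prepare("SELECT password FROM user WHERE username=?");
    if ($stmt !== false) {
      $stmt->bind_param("s", $username);
      $stmt->execute();
      $stmt->bind_result($pwhash);
      if (!$stmt->fetch()) $pwhash = null;
      // Close on every path; the statement used to stay open when no row matched.
      $stmt->close();
    }
  }

  // password_verify() accepts hashes produced by crypt(), reads the salt from
  // the stored hash itself and compares in constant time. It replaces the
  // manual salt extraction and the loose `==` comparison, which is neither
  // timing-safe nor type-strict. A malformed stored hash simply fails to verify.
  if (is_string($pwhash) && password_verify($password, $pwhash)) {
    $auth->newsession($username, $stayloggedin);
    header("location: authenticated.php");
    // Stop here so nothing else executes or renders after the redirect.
    exit;
  }

  // Same message for unknown user and wrong password, so the response text
  // does not reveal which usernames exist.
  // NOTE(review): no hash is computed for unknown users, so response time may
  // still differ between the two cases; consider verifying against a dummy hash.
  $error = "Username/password not found.";
}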
?>
<!DOCTYPE html>
<html>
<head>
 <title> Login form </title>
 <meta charset='utf-8'>
</head>
<body>
<h1> Login here </h1>
<?php
  // Render the failure message when the login handler set one. $error only
  // ever holds the fixed string assigned above, never request data.
  if ($error != null) {
    echo "<h3>" . $error . "</h3>";
  }
?>
<form method=POST>
<table>
 <tr><td> Username: <td> <input type='text' name='username'>
 <tr><td> Password: <td> <input type='password' name='password'>
 <tr><td><td>
   <input type='submit' value='Log-in'>
   <input type='checkbox' name='stayloggedin' value='on'> Stay logged in
</table>
</form>
</html>