Code: |
<?php session_start(); if ($_POST['password']) { //Connect to the database include_once "db_connect.php"; $email = stripslashes($_POST['payer_email']); $email = strip_tags($email); $email = mysql_real_escape_string($email); $password = preg_replace("/[^A-Za-z0-9]/", "", $_POST['password']); // filter everything but numbers and letters $password = md5($password); // Make query and then register all relevant database data into SESSION variables. $sql = mysql_query("SELECT * FROM sec_tblusers WHERE payer_email='$email' AND password='$password' AND signedup='1'") or die("failed"); $login_check = mysql_num_rows($sql); if($login_check > 0){ while($row = mysql_fetch_array($sql)){ // Get member data into a session variable $id = $row["recid"]; session_register('recid'); $_SESSION['recid'] = $id; $payer_email = $row["payer_email"]; session_register('payer_email'); $_SESSION['payer_email'] = $payer_email; $password = $row["password"]; session_register('password'); $_SESSION['password'] = $password; $iv = $row["iv"]; session_register('iv'); $_SESSION['iv'] = $iv; $signedup = $row["signedup"]; session_register('signedup'); $_SESSION['signedup'] = $signedup; $lastlogin = $row["lastlogin"]; session_register('lastlogin'); $_SESSION['lastlogin'] = $lastlogin; // Update last_log_date field for this member now mysql_query("UPDATE sec_tblusers SET lastlogin=now() WHERE recid='$id'"); // Print success message here then exit the script //header("location: member_profile.php?id=$id"); header("location: adduser.php?id=$id"); exit(); } // close while } else { // Print login failure message to the user and link them back to your login page print '<br /><br /><font color="#FF0000">You do not show in our records as a subscriber. Has the subscription expired?</font><br /> <br /><a href="../main.php">Click here</a> to go back.'; exit(); } }// close if post ?> |
Code: |
<?php
//--------------------------------------- //Given the payer_email address, return the decrypted password function getpassword($payer_email, $dbhost, $dbusername, $dbpass, $dbname, $dbprefix, &$message) { $dl = new DataLayer(); $dl->debug=false; $dl->connect( $dbhost, $dbusername, $dbpass, $dbname ) or die ( "Database connection error " . $dl->geterror() ); //SELECT password, iv FROM sec_tblusers WHERE payer_email = '" . $payer_email . "'" $cols = array("password", "iv"); $table = $dl->select( $dbprefix."sec_tblusers", "", $cols, "payer_email = '$payer_email'", "" ); if ($dl->geterror()) { $message = "SQL error - user.php ref 58 " . $dl->geterror(); exit; } $IV = $table[0]['iv']; $password = $table[0]['password']; $decryption = new password($IV, $password); $decryption->decode(); $decode = $decryption->getdecodedtext(); return $decode; } //------------------------------------ ?> |
Code: |
-- Table structure for table `sec_tblusers`
-- CREATE TABLE `sec_tblusers` ( `recid` int(11) NOT NULL AUTO_INCREMENT, `payer_email` varchar(100) NOT NULL, `password` varchar(50) DEFAULT NULL, `iv` int(11) DEFAULT NULL, `signedup` int(11) NOT NULL DEFAULT '0', `signupdate` datetime NOT NULL, `lastlogin` datetime NOT NULL, PRIMARY KEY (`recid`), UNIQUE KEY `payer_email` (`payer_email`), KEY `password` (`password`), KEY `signedup` (`signedup`), KEY `lastlogin` (`lastlogin`), KEY `signupdate` (`signupdate`) ) ENGINE=MyISAM DEFAULT CHARSET=latin1 AUTO_INCREMENT=22 ; -- -- Dumping data for table `sec_tblusers` -- INSERT INTO `sec_tblusers` (`recid`, `payer_email`, `password`, `iv`, `signedup`, `signupdate`, `lastlogin`) VALUES (5, 'someone@gmail.com', 'cRbeAWgN3 ', 316, 1, '0000-00-00 00:00:00', '2010-11-10 22:29:06'), (6, 'someoneelse@gmail.com', 'cRbeAWgN3 ', 269, 1, '0000-00-00 00:00:00', '0000-00-00 00:00:00'); |
output generated using printer-friendly topic mod, All times are GMT + 2 Hours