File: /home/mckernan/public_html/iJournal/includes/session/login.php
<?php
// user log-in
usleep(500000);
// set database name
$database = DB_PREFIX . 'system';
// process request
if ($sid != '')
{
// open db connection
require "includes/db.php";
// validate session / die if necessary
$sid = $db->real_escape_string($sid);
$query = "UPDATE sessions SET ses_refresh = NOW() WHERE ses_id = '" . $sid . "' AND ISNULL(ses_end)";
if ($result = $db->query($query))
{
if ($db->affected_rows != 1)
{
die();
}
}
else
{
die();
}
// init return value
$rv = '<root>' . PHP_EOL;
$rv .= '<session>' . PHP_EOL;
// get username / password
$user = '';
$pwd = '';
if (isset($_POST['u'])) $user = $_POST['u'];
if (isset($_POST['p'])) $pwd = $_POST['p'];
// validate user
$uid = -1;
$displayname = '';
if ($user != '' && $pwd != '')
{
$user = $db->real_escape_string($user);
$pwd = hashUserPwd($pwd);
$query = "SELECT usr_id as id, usr_displayname as display FROM users WHERE usr_inname = '" . $user . "' AND usr_password = '" . $pwd . "' AND usr_active = 1";
if ($result = $db->query($query))
{
if ($db->affected_rows == 1)
{
$row = $result->fetch_assoc();
$uid = $row['id'];
$displayname = $row['display'];
// log user-session
$query = "INSERT INTO user_sessions (use_session, use_ip, use_user, use_login) VALUES ('" .
$sid . "', '" . $_SERVER['REMOTE_ADDR'] . "', " . $uid . ", NOW())";
$db->query($query);
}
else
{
// log failed attempt
$query = "INSERT INTO failed_logins (fal_datetime, fal_sid, fal_user, fal_ip) VALUES ( NOW(), '" .
$sid . "', '" . $user . "', '" . $_SERVER['REMOTE_ADDR'] . "')";
$db->query($query);
}
}
}
$rv .= '<uid>' . $uid . '</uid>' . PHP_EOL;
$rv .= '<uname>' . $displayname . '</uname>' . PHP_EOL;
$rv .= '</session>' . PHP_EOL;
$rv .= '</root>' . PHP_EOL;
// return data
echo $rv;
die;
}
else
{
header('Server: ');
header('X-Powered-By: ');
header("HTTP/1.0 404 Not Found");
}
?>