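<?php

require_once('../../../config.php');
require_once(FOLDER_RELATIVE_COMMON . 'database.php');

// One session_start() for the whole script. The reset branch used to call it a
// second time, which only raised an "already started" notice.
session_start();

// Read a query-string value as a plain string ('' when absent). Array-valued
// parameters (?loginu[]=x) are rejected here so they never reach md5() or the
// database layer as anything but a string.
$getString = function ($key) {
	return (isset($_GET[$key]) && is_string($_GET[$key])) ? $_GET[$key] : '';
};

// Escape request-derived text before it is concatenated into the XML reply.
// The username is attacker-controlled and the reply is rendered by the client,
// so it is emitted as text, never as markup.
$xmlText = function ($value) {
	return htmlspecialchars((string) $value, ENT_QUOTES | ENT_XML1, 'UTF-8');
};

$request = $getString('request');

if ($request === 'xml') {

	header('Content-Type: text/xml');
	$xml = '<?xml version="1.0" encoding="UTF-8" standalone="yes"?>' . "\n";

	$forgotpassword = $getString('forgotpassword');

	if ($forgotpassword === 'Y') {
		$username = $getString('loginu');
		if ($username === '') {
			$xml .= "<root>Error: Please enter your email address or username in the username field</root>\n";
			echo $xml;
			exit;
		}

		// Same reply whether or not the account exists, so this endpoint cannot
		// be used to enumerate usernames or email addresses. The original
		// `if ($username == 'text') {}` was an empty stub; the actual
		// notification (admin or user email) is still to be implemented here.

		$xml .= "<root>The site administrator has been notified and will contact you with your new password shortly</root>\n";
		echo $xml;
		exit;
	}

	if (isset($_SESSION['username'])) {
		$xml .= "<root>You are logged in as " . $xmlText($_SESSION['username']) . "</root>\n";
		echo $xml;
		exit;
	}

	$show_first_time = isset($_SESSION['show_first_time']) ? (int) $_SESSION['show_first_time'] : 0;
	// NOTE: credentials arrive in the query string because the client sends GET;
	// that exposes them to server/proxy logs and browser history. The client has
	// to move to POST before this can switch to reading $_POST.
	$username = $getString('loginu');
	$password = $getString('loginp');

	if ($username === '' && $password === '') {
		if ($show_first_time) {
			$xml .= "<root>Since this is your first time logging in, please choose the username you would like to use and a new password</root>\n";
		} else {
			$xml .= "<root></root>\n";
		}
		echo $xml;
		exit;
	}

	if ($username === '' || $password === '') {
		$xml .= "<root>Error: Missing username or password</root>\n";
		echo $xml;
		exit;
	}

	if ($show_first_time === 0) {

		// Look the user up. Legacy scheme: md5 over a fixed application-wide
		// salt. The stored hashes depend on it, so it cannot change here without
		// a migration; password_hash()/password_verify() with rehash-on-login is
		// the intended replacement.
		$password = md5("jaxblog" . $password);
		$sql = "SELECT id FROM Users WHERE (username = ? OR ( email = ? AND first_time = 'Y')) AND password = ?";
		$user_id = databaseGetValue($sql, array($username, $username, $password));

		if (!empty($user_id)) {
			// The session is about to gain a user_id; drop the anonymous session
			// id so a pre-login id handed to the victim cannot be reused (fixation).
			session_regenerate_id(true);

			// First time through the user logs in with email address and temp
			// password, so ask them for a permanent username and password.
			$is_first_time = databaseGetValue('SELECT first_time FROM Users WHERE id = ?', array($user_id));
			if ($is_first_time === 'Y') {
				$_SESSION['show_first_time'] = 1;
				$_SESSION['user_id'] = $user_id;
				$xml .= "<root>Since this is your first time logging in, please choose the username you would like to use and a new password</root>\n";
			} else {
				$_SESSION['username'] = $username;
				$_SESSION['user_id']  = $user_id;
				$xml .= "<root>Success logging in as " . $xmlText($username) . "</root>\n";
			}
		} else {
			// Slows down online guessing. It also holds a worker per failed
			// attempt, so a per-account/per-source counter is the better control.
			sleep(3);
			$xml .= "<root>Error: User not found in system or password is incorrect</root>\n";
		}
	} else {

		// Step two only makes sense when step one recorded which account this is.
		if (empty($_SESSION['user_id'])) {
			unset($_SESSION['show_first_time']);
			$xml .= "<root>Error: Your session has expired, please log in again</root>\n";
			echo $xml;
			exit;
		}

		// Username must be at least seven characters and at most 12.
		if (strlen($username) < 7 || strlen($username) > 12) {
			$xml .= "<root>Error: New username must be between seven and 12 characters in length</root>\n";
			echo $xml;
			exit;
		}

		// Test to see if the new password is strong enough to save off.
		$score = passwordScore($password);
		if ($score < 2) {
			$xml .= "<root>Error: New password must be seven characters in length and contain letters and numbers</root>\n";
			echo $xml;
			exit;
		}

		// Store the new username and password (same legacy hash as the lookup above).
		$password = md5("jaxblog" . $password);
		$sql = 'UPDATE Users SET username = ?, password = ?, first_time = ? WHERE id = ?';
		databaseExecute($sql, array($username, $password, 'N', $_SESSION['user_id']));

		// Credentials changed: rotate the session id and leave the first-time flow.
		session_regenerate_id(true);
		unset($_SESSION['show_first_time']);
		$_SESSION['username'] = $username;
		$xml .= "<root>Success logging in as " . $xmlText($username) . "</root>\n";
	}

	echo $xml;
	exit;
}

if ($request === 'reset') {
	unset($_SESSION['user_id']);
	unset($_SESSION['username']);
	unset($_SESSION['show_first_time']);
	header("location: user_login.php");
	exit;
}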