Author: MrNaitX Language: php
Description: $_SESSION not updated until a couple of refreshes or waiting Timestamp: 2017-02-02 15:09:46 +0000
  1. ************Javascript - Login.js**************
  2.  
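$(document).ready(function () {
    "use strict";

    $("#submit").click(function () {
        var username = $("#myusername").val(),
            password = $("#mypassword").val();

        if (username === "" || password === "") {
            $("#message").html("<div class=\"alert alert-danger alert-dismissable\"><button type=\"button\" class=\"close\" data-dismiss=\"alert\" aria-hidden=\"true\">&times;</button>Please enter a username and a password</div>");
            // Prevent the default form submission.
            return false;
        }

        $.ajax({
            type: "POST",
            url: "checklogin.php",
            // Pass an object so jQuery URL-encodes each value. The original
            // string concatenation sent '&', '+' and '%' in a password
            // unencoded, so such passwords never verified.
            data: { myusername: username, mypassword: password },
            dataType: "json",
            beforeSend: function () {
                $("#message").html("<p class='text-center'><img src='images/ajax-loader.gif'></p>");
            },
            success: function (json) {
                // checklogin.php replies {response: 'true'} on success and an
                // HTML alert fragment built server-side otherwise; only that
                // server-built markup is ever injected into #message.
                if (json.response === "true") {
                    location.reload();
                } else {
                    $("#message").html(json.response);
                }
            },
            // jQuery's error callback receives (jqXHR, textStatus, errorThrown);
            // the original declared (textStatus, errorThrown) and so logged the
            // jqXHR object under the wrong name.
            error: function (jqXHR, textStatus, errorThrown) {
                console.log(textStatus);
                console.log(errorThrown);
            }
        });

        // Prevent the default form submission.
        return false;
    });
});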
  39.  
  40.  
  41. ***************PHP - checklogin.php*************
  42.  
  43. <?php
  44. //DO NOT ECHO ANYTHING ON THIS PAGE OTHER THAN RESPONSE
  45. //'true' triggers login success
  46. include 'config.php';
  47. require 'includes/functions.php';
  48.  
  49. // Define $myusername and $mypassword
  50. $username = $_POST['myusername'];
  51. $password = $_POST['mypassword'];
  52.  
  53. // To protect MySQL injection
  54. $username = stripslashes($username);
  55. $password = stripslashes($password);
  56.  
  57. $response = '';
  58. $loginCtl = new LoginForm;
  59. $conf = new GlobalConf;
  60. $lastAttempt = checkAttempts($username);
  61. $max_attempts = $conf->max_attempts;
  62.  
  63.  
  64. //First Attempt
  65. if ($lastAttempt['lastlogin'] == '') {
  66.  
  67.     $lastlogin = 'never';
  68.     $loginCtl->insertAttempt($username);
  69.     $response = $loginCtl->checkLogin($username, $password);
  70.  
  71. } elseif ($lastAttempt['attempts'] >= $max_attempts) {
  72.  
  73.     //Exceeded max attempts
  74.     $loginCtl->updateAttempts($username);
  75.     $response = $loginCtl->checkLogin($username, $password);
  76.  
  77. } else {
  78.  
  79.     $response = $loginCtl->checkLogin($username, $password);
  80.  
  81. };
  82.  
  83. if ($lastAttempt['attempts'] < $max_attempts && $response != 'true') {
  84.  
  85.     $loginCtl->updateAttempts($username);
  86.     $resp = new RespObj($username, $response);
  87.     $jsonResp = json_encode($resp);
  88.     echo $jsonResp;
  89.  
  90. } else {
  91.  
  92.     $resp = new RespObj($username, $response);
  93.     $jsonResp = json_encode($resp);
  94.     echo $jsonResp;
  95.  
  96. }
  97.  
  98. unset($resp, $jsonResp);
  99.  
  100. *****************PHP - Loginform.php ******************
  101. <?php
  102. class LoginForm extends DbConn
  103. {
  104.     public function checkLogin($myusername, $mypassword)
  105.     {
  106.         $conf = new GlobalConf;
  107.         $ip_address = $conf->ip_address;
  108.         $login_timeout = $conf->login_timeout;
  109.         $max_attempts = $conf->max_attempts;
  110.         $timeout_minutes = $conf->timeout_minutes;
  111.         $attcheck = checkAttempts($myusername);
  112.         $curr_attempts = $attcheck['attempts'];
  113.  
  114.         $datetimeNow = date("Y-m-d H:i:s");
  115.         $oldTime = strtotime($attcheck['lastlogin']);
  116.         $newTime = strtotime($datetimeNow);
  117.         $timeDiff = $newTime - $oldTime;
  118.  
  119.         try {
  120.  
  121.             $db = new DbConn;
  122.             $tbl_members = $db->tbl_members;
  123.             $err = '';
  124.  
  125.         } catch (PDOException $e) {
  126.  
  127.             $err = "Error: " . $e->getMessage();
  128.  
  129.         }
  130.  
  131.         $stmt = $db->conn->prepare("SELECT * FROM ".$tbl_members." WHERE username = :myusername");
  132.         $stmt->bindParam(':myusername', $myusername);
  133.         $stmt->execute();
  134.  
  135.         // Gets query result
  136.         $result = $stmt->fetch(PDO::FETCH_ASSOC);
  137.  
  138.         if ($curr_attempts >= $max_attempts && $timeDiff < $login_timeout) {
  139.  
  140.             //Too many failed attempts
  141.             $success = "<div class=\"alert alert-danger alert-dismissable\"><button type=\"button\" class=\"close\" data-dismiss=\"alert\" aria-hidden=\"true\">&times;</button>Maximum number of login attempts exceeded... please wait ".$timeout_minutes." minutes before logging in again</div>";
  142.  
  143.         } else {
  144.  
  145.              //If max attempts not exceeded, continue
  146.             // Checks password entered against db password hash
  147.             if (password_verify($mypassword, $result['password']) && $result['verified'] == '1') {
  148.  
  149.                 //Success! Register $myusername, $mypassword and return "true"
  150.                 $success = 'true';
  151.                     session_start();
  152.  
  153.                     $_SESSION['username'] = $myusername;
  154.  
  155.             } elseif (password_verify($mypassword, $result['password']) && $result['verified'] == '0') {
  156.  
  157.                 //Account not yet verified
  158.                 $success = "<div class=\"alert alert-danger alert-dismissable\"><button type=\"button\" class=\"close\" data-dismiss=\"alert\" aria-hidden=\"true\">&times;</button>Your account has been created, but you cannot log in until it has been verified</div>";
  159.  
  160.             } else {
  161.  
  162.                 //Wrong username or password
  163.                 $success = "<div class=\"alert alert-danger alert-dismissable\"><button type=\"button\" class=\"close\" data-dismiss=\"alert\" aria-hidden=\"true\">&times;</button>Wrong Username or Password</div>";
  164.  
  165.             }
  166.         }
  167.         return $success;
  168.     }
  169.  
  170.     public function insertAttempt($username)
  171.     {
  172.         try {
  173.             $db = new DbConn;
  174.             $conf = new GlobalConf;
  175.             $tbl_attempts = $db->tbl_attempts;
  176.             $ip_address = $conf->ip_address;
  177.             $login_timeout = $conf->login_timeout;
  178.             $max_attempts = $conf->max_attempts;
  179.  
  180.             $datetimeNow = date("Y-m-d H:i:s");
  181.             $attcheck = checkAttempts($username);
  182.             $curr_attempts = $attcheck['attempts'];
  183.  
  184.             $stmt = $db->conn->prepare("INSERT INTO ".$tbl_attempts." (ip, attempts, lastlogin, username) values(:ip, 1, :lastlogin, :username)");
  185.             $stmt->bindParam(':ip', $ip_address);
  186.             $stmt->bindParam(':lastlogin', $datetimeNow);
  187.             $stmt->bindParam(':username', $username);
  188.             $stmt->execute();
  189.             $curr_attempts++;
  190.             $err = '';
  191.  
  192.         } catch (PDOException $e) {
  193.  
  194.             $err = "Error: " . $e->getMessage();
  195.  
  196.         }
  197.  
  198.         //Determines returned value ('true' or error code)
  199.         $resp = ($err == '') ? 'true' : $err;
  200.  
  201.         return $resp;
  202.  
  203.     }
  204.  
  205.     public function updateAttempts($username)
  206.     {
  207.         try {
  208.             $db = new DbConn;
  209.             $conf = new GlobalConf;
  210.             $tbl_attempts = $db->tbl_attempts;
  211.             $ip_address = $conf->ip_address;
  212.             $login_timeout = $conf->login_timeout;
  213.             $max_attempts = $conf->max_attempts;
  214.             $timeout_minutes = $conf->timeout_minutes;
  215.  
  216.             $att = new LoginForm;
  217.             $attcheck = checkAttempts($username);
  218.             $curr_attempts = $attcheck['attempts'];
  219.  
  220.             $datetimeNow = date("Y-m-d H:i:s");
  221.             $oldTime = strtotime($attcheck['lastlogin']);
  222.             $newTime = strtotime($datetimeNow);
  223.             $timeDiff = $newTime - $oldTime;
  224.  
  225.             $err = '';
  226.             $sql = '';
  227.  
  228.             if ($curr_attempts >= $max_attempts && $timeDiff < $login_timeout) {
  229.  
  230.                 if ($timeDiff >= $login_timeout) {
  231.  
  232.                     $sql = "UPDATE ".$tbl_attempts." SET attempts = :attempts, lastlogin = :lastlogin where ip = :ip and username = :username";
  233.                     $curr_attempts = 1;
  234.  
  235.                 }
  236.  
  237.             } else {
  238.  
  239.                 if ($timeDiff < $login_timeout) {
  240.  
  241.                     $sql = "UPDATE ".$tbl_attempts." SET attempts = :attempts, lastlogin = :lastlogin where ip = :ip and username = :username";
  242.                     $curr_attempts++;
  243.  
  244.                 } elseif ($timeDiff >= $login_timeout) {
  245.  
  246.                     $sql = "UPDATE ".$tbl_attempts." SET attempts = :attempts, lastlogin = :lastlogin where ip = :ip and username = :username";
  247.                     $curr_attempts = 1;
  248.  
  249.                 }
  250.  
  251.                 $stmt2 = $db->conn->prepare($sql);
  252.                 $stmt2->bindParam(':attempts', $curr_attempts);
  253.                 $stmt2->bindParam(':ip', $ip_address);
  254.                 $stmt2->bindParam(':lastlogin', $datetimeNow);
  255.                 $stmt2->bindParam(':username', $username);
  256.                 $stmt2->execute();
  257.  
  258.             }
  259.  
  260.         } catch (PDOException $e) {
  261.  
  262.             $err = "Error: " . $e->getMessage();
  263.  
  264.         }
  265.  
  266.         //Determines returned value ('true' or error code) (ternary)
  267.         $resp = ($err == '') ? 'true' : $err;
  268.  
  269.         return $resp;
  270.  
  271.     }
  272.  
  273. }
  274.  
  275. ************HTML/PHP - Index.php*******************
  276. ***AT THE TOP OF Index.php***
  277. <?php
  278. ?>
  279. ***
  280.  
  281. <?php
  282. if(!isset($_SESSION['username'])): ?>
  283.   <div class="right"><span class="button menuButton dropdownTrigger" data-dropdown-id="1"><a>Logga In</a></div>
  284. <?php else: ?>
  285.   <div class="right"><span class="button menuButton"><a>Profil</a></div>
  286. <?php endif; ?>