try to establish a session: if that succeeds, redirect to the previous page, otherwise show an error
   and a login prompt; else do nothing. The function authorize() will be available to the calling script. */

/**
 * Open the shared mysqli connection held in the global $auth_db, once per request.
 *
 * @throws Exception when the connection attempt reports an error
 */
function sql_connect_auth() {
    global $auth_db;
    if (isset($auth_db)) { // already connected
        return;
    }
    // NOTE(review): database credentials are hard-coded in source. Move them to a config
    // file outside the web root (or the environment) and rotate the password if this file
    // has ever been committed or served.
    $auth_db = new mysqli('localhost','fans','Bt2bX8CWEduA4Vb2', 'npcs');
    // NOTE(review): on PHP >= 8.1 mysqli throws mysqli_sql_exception by default, so this
    // branch may never run there — confirm the target PHP version / mysqli_report() setting.
    if (mysqli_connect_error()) {
        throw new Exception('Connect Error (' . mysqli_connect_errno() . ') ' . mysqli_connect_error());
    }
    $auth_db->set_charset('utf8');
}

/**
 * Run $query on the global $auth_db connection and return the mysqli result.
 *
 * The query text is used verbatim: every caller is responsible for escaping the values it
 * concatenates in (the callers in this file use $auth_db->real_escape_string()). Prepared
 * statements would take that burden off the callers.
 *
 * @param string $query full SQL statement
 * @param bool   $debug when true, print the (HTML-escaped) SQL and stop instead of running it
 * @return mixed whatever mysqli::query() returned, never false
 * @throws Exception when the query fails; the message embeds the query text
 */
function sql_query($query,$debug=false) {
    global $auth_db;
    if ($debug) {
        // NOTE(review): this sends the raw SQL, including any user-supplied values, to the
        // client; it must never be enabled in production.
        die(htmlspecialchars($query));
    } else {
        $res = $auth_db->query($query);
        if ($res === false) {
            // NOTE(review): the exception message carries the full query; if it reaches the
            // browser (display_errors on, exception uncaught) it discloses schema and
            // submitted values.
            throw new Exception ($auth_db->error.' query was '.$query.'');
        } else {
            return $res;
        }
    }
}

/*
 * Validate the reader session cookie against the `sessions` table (natural-joined with
 * `users`). The lookup requires both the session id and the requesting IP to match the
 * stored row.
 *
 * NOTE(review): the body below is truncated in this copy of the file — the text after
 * `$sessionData['expires']` up to somewhere inside show_auth_prompt() is missing, so the
 * expiry check, the $success handling and the start of show_auth_prompt() cannot be
 * reviewed here.
 */
function authorize() {
    global $auth_db;
    $success = false;
    if ( isset($_COOKIE['npcs_reader_sid']) ) {
        $sid=$_COOKIE['npcs_reader_sid'];
        // The cookie value is escaped before interpolation; binding the row to the client IP
        // limits reuse of a leaked sid from another address. NOTE(review): MySQL inet_aton()
        // handles IPv4 only, so IPv6 clients presumably get NULL and never match — verify if
        // the site is reachable over IPv6.
        $temp=sql_query("select * from `sessions` natural join `users` where `sid`='".$auth_db->real_escape_string($sid). "' and `ip`=inet_aton('".$auth_db->real_escape_string($_SERVER['REMOTE_ADDR'])."')" );
        if ($temp->num_rows == 1) {
            $sessionData=$temp->fetch_assoc();
            // --- the source is garbled from here: the next line is cut mid-condition, and
            // --- what follows it is the tail of show_auth_prompt($error, $onsuccess)
            // --- (argument order presumed from the call sites below), which substitutes the
            // --- two values into auth.html. NOTE(review): $onsuccess and $error reach the
            // --- HTML without htmlspecialchars(); the call sites pass request- and
            // --- referer-derived values, so both should be escaped (ENT_QUOTES) first.
            if($sessionData['expires']'; }
    $auth = file_get_contents('auth.html');
    echo str_replace(array('%onsuccess%','%errormessage%'),array($onsuccess,$error),$auth);
    die;
}

/*
 * Request handling (runs when this file is included).
 *
 * ?authprompt         : show the login form, returning to the referring path on success.
 * email + password    : verify the credentials, create a session row and cookie, redirect.
 *
 * redirect_via_header() and $session_timeout are not defined in this file as shown —
 * presumably provided by the including script.
 */
if (isset($_REQUEST['authprompt'])) {
    // NOTE(review): HTTP_REFERER is read without isset(); a request with no Referer header
    // raises a notice and passes an empty path on. The strpos/substr pair keeps only the
    // part of the referer from the first '/' after the scheme.
    $addr =$_SERVER['HTTP_REFERER'];
    $i=strpos($addr,'://');
    $i=strpos($addr,'/',$i+3);
    show_auth_prompt('',substr($addr,$i));
}
if(isset($_REQUEST['email']) && isset($_REQUEST['password'])) {
    sql_connect_auth();
    // NOTE(review): $_REQUEST also accepts GET, so credentials may arrive in the URL (server
    // logs, browser history); read them from $_POST only. The password is compared as an
    // unsalted sha1() inside the query — password_hash()/password_verify() is the supported
    // way to store and check passwords.
    $temp2=sql_query("select * from `users` where `email`='". $auth_db->real_escape_string($_REQUEST['email']).
        "' and `pass`=sha1('".$auth_db->real_escape_string($_REQUEST['password'])."')" );
    if ($temp2->num_rows==1) {
        // generate new session id
        // NOTE(review): rand() is not a CSPRNG, so session ids built from it are
        // predictable; use random_int(0, 61) per character (or bin2hex(random_bytes(...))).
        $alphanumeric = "QWERTYUIOPASDFGHJKLZXCVBNMqwertyuiopasdfghjklzxcvbnm1234567890"; // 62 digits
        $sid = '';
        for ($i = 0; $i<20;$i++) {
            $sid.=$alphanumeric[rand(0,61)];
        }
        $userdata = $temp2->fetch_assoc();
        // $timeout is a unix timestamp used both as the cookie expiry and as `expires` in
        // the sessions row. If $session_timeout is unset this presumably collapses to
        // time(), i.e. an already-expired session — confirm where it is defined.
        $timeout = time()+$session_timeout;
        // write it to cookie and database
        // NOTE(review): the cookie is set without the httponly and secure flags (and no
        // SameSite), so the sid is readable from script and sent over plain HTTP.
        setcookie("npcs_reader_sid",$sid,$timeout,'/');
        // Values are pre-built SQL fragments, not raw data: sid is quoted, ip is an
        // inet_aton() call, expires is an int; uid is interpolated unquoted, so it is
        // assumed to be numeric in the users table.
        $session_data = array(
            'sid' => "'".$sid."'",
            'uid' => $userdata['uid'],
            'ip' => "inet_aton('".$auth_db->real_escape_string($_SERVER['REMOTE_ADDR'])."')",
            'expires' => $timeout
        );
        $fields = '`'.implode('`,`',array_keys($session_data)).'`';
        $values = implode(",",$session_data);
        sql_query("insert into `sessions` ($fields) values ($values)");
        // NOTE(review): the redirect target is taken straight from the request (or the
        // referer); without checking that it is a same-site path this is an open redirect.
        if (isset($_REQUEST['onsuccess'])) {
            redirect_via_header($_REQUEST['onsuccess']);
        } else if (isset($_SERVER['HTTP_REFERER'])) {
            $addr =$_SERVER['HTTP_REFERER'];
            $i=strpos($addr,'://');
            $i=strpos($addr,'/',$i+3);
            redirect_via_header(substr($addr,$i));
        } else {
            redirect_via_header('/index.php');
        }
    } else {
        // bad username/password
        // The same target resolution as above, but the value is handed to show_auth_prompt()
        // and ends up in the login form (see the escaping note on show_auth_prompt).
        if (isset($_REQUEST['onsuccess'])) {
            $onsuccess = $_REQUEST['onsuccess'];
        } else if (isset($_SERVER['HTTP_REFERER'])) {
            $addr =$_SERVER['HTTP_REFERER'];
            $i=strpos($addr,'://');
            $i=strpos($addr,'/',$i+3);
            $onsuccess = substr($addr,$i);
        } else {
            $onsuccess = '/index.php';
        }
        show_auth_prompt ('You have entered invalid email/username or password, please try once again',$onsuccess);
    }
}
// NOTE(review): closing tag in a PHP-only include; any whitespace after it becomes output
// and would break later header()/setcookie() calls in the including script.
?>