mydrops/verify.php at master · dropio/mydrops · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
<?php
session_start();
if(isset($_SESSION['user']))
	header('location: manage.php');

include 'digest.php';
include 'global.php';
include 'config.php';

$user=(trim(strtolower(($_POST['user']))));
$passwd=(trim(strtolower(($_POST['passwd']))));
$digest=digest($passwd);

$invalidUser=(preg_match('/[^a-zA-Z0-9\s@.-_+]/', $user));
if(!$invalidUser)
{
	$con = mysql_connect($mysqlserver,$mysqluser,$mysqlpass);
	if (!$con)
	{
	        die('Could not connect:'.mysql_error());
	}
	mysql_select_db($mysqldb,$con);

	$result=(mysql_query(sprintf("SELECT user_id,user,pass FROM users WHERE user='%s'", mysql_real_escape_string($user))));
	$check=mysql_fetch_array($result, MYSQL_ASSOC);
	mysql_close($con);
} else {
	echo "Invalid characters in e-mail.";
	goBack(login);
}

if(($user != "") && ($passwd != "") && ($user) && ($passwd))
{
	if (($user == $check['user']) && ($digest == $check['pass']))
	{
		$_SESSION['user']=$user;
		$_SESSION['user_id']=$check['user_id'];
		header('Location: manage.php');
	} else {
		echo "Bad username or password";
		goBack(login);
	}
} else {
	echo "Missing e-mail or password.";
	goBack(login);
}
?>