Warning: Cannot modify header information - headers already sent by (output started at G:\test\basis\home.php:212) in G:\test\index.php on line 50
Warning: Cannot modify header information - headers already sent by (output started at G:\test\basis\home.php:212) in G:\test\index.php on line 51
Je bent ingelogd!
<?php
include('config.inc.php');
/* ----------------------------------------------------------------------------------------------- */
if(!isingelogd()) {
// Anti-flood, na 5 keer verkeerd inloggen wordt je IP adres 24 uur geband
$query = " SELECT
COUNT(id) AS attempts
FROM
".$settings['db_login_attempts_table']."
WHERE
date_time > (NOW() - INTERVAL 1 MINUTE)
AND
ip = '".$mysqli->real_escape_string($_SERVER['REMOTE_ADDR'])."'
AND
sys_info = '".$mysqli->real_escape_string($_SERVER['HTTP_USER_AGENT'])."'";
if ($result = $mysqli->query($query)) { //bovenstaande ff aangepast voor test!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
$login_attempt = $result->fetch_assoc();
if($login_attempt['attempts'] > $settings['max_login_pogingen']) { // Controleren of je bent geband
echo 'U bent tijdelijk geband<br>';
} else {
if (mb_strtoupper($_SERVER['REQUEST_METHOD']) != 'POST') {
$formulier = true;
} else {
$formulier = false;
if(ctype_digit($_POST['form']) && time() < strtotime("+1 minute", $_POST['form'])) {
$username = htmlspecialchars($_POST['username']);
$hashedPass = sha1($username.$_POST['pass']);
$query = " SELECT
ID
FROM
".$settings['db_gebruikers_table']."
WHERE
gebruikersnaam = '".$mysqli->real_escape_string($username)."'
AND
wachtwoord = '".$mysqli->real_escape_string($hashedPass)."'";
if ($result = $mysqli->query($query)) {
$userId = $result->fetch_assoc();
if(ctype_digit($userId['ID'])) {
$hash_key = uniqid(mt_rand(), true);
$hash = sha1($userId['ID'] . $_SERVER['HTTP_USER_AGENT'] . $hash_key);
// Cookies maken
setcookie('user_id', $userId['ID'], time() + 60*60*24*365, '/');
setcookie('user_hash', $hash, time() + 60*60*24*365, '/');
// Update query samenstellen, ip en hash updaten
$sql = " INSERT INTO
".$settings['db_sessions_table']."
(
gebruikerID,
hash,
hash_key,
datum,
ip
)
VALUES (
'".$mysqli->real_escape_string($userId['ID'])."',
'".$hash."',
'".$hash_key."',
NOW(),
'".$mysqli->real_escape_string($_SERVER['REMOTE_ADDR'])."'
)";
// Query uitvoeren
if(!$result = $mysqli->query($sql)) {
trigger_error('Fout in query: '.$mysqli->error);
} else {
if($mysqli->affected_rows > 0) {
echo 'Je bent ingelogd!';
}
}
} else {
$sql = " INSERT INTO
".$settings['db_login_attempts_table']."
(
date_time,
ip,
sys_info
)
VALUES (
NOW(),
'".$mysqli->real_escape_string($_SERVER['REMOTE_ADDR'])."',
'".$mysqli->real_escape_string($_SERVER['HTTP_USER_AGENT'])."'
)";
if(!$result = $mysqli->query($sql)) {
trigger_error('Fout in query: '.$mysqli->error);
}/*else {
if($mysqli->affected_rows > 0) {
echo 'Attempt ingevoerd<br>';
}
}
*/
echo 'Het wachtwoord of gebruikersnaam was incorrect';
$formulier = true;
}
}
} else {
echo 'Fout bij inloggen. Probeer het opnieuw.';
}
}
if($formulier) {
echo ' <form method="post" action="'.end(explode('/', $_SERVER["REQUEST_URI"])).'">
<p><label>Username:</label><input type="text" name="username" value="" /></p>
<p><label>Password:</label><input type="password" name="pass" value="" /></p>
<br><input type="hidden" name="form" value="'.time().'" />
<p><input type="submit" value="Inloggen" /></p>
<p><a href="registration.php">registreren</p>
</form>
';
}
}
} else {
trigger_error('Fout in query: '.$mysqli->error);
}
} else {
echo 'U bent al ingelogd.';
}
?>
