login.php
<!-- Site navigation shown on every page of this small shop (home, login,
     account overview, product list).  All four links are static, server-chosen
     paths; nothing here is built from request data. -->
<div id="navigation">
<ul>
<li> <a href="index.php"> Home </a></li>
<li> <a href="login.php"> Login </a></li>
<li> <a href="overzicht.php?nr=0-10&sorteer_asc=1"> Overzicht </a></li>
<li> <a href="overzicht_producten.php"> Bekijk producten </a></li>
</ul>
</div>
<?php
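/**
 * Escape a request value for interpolation into a single-quoted SQL string
 * literal built for ext/mysql.
 *
 * This helper is the only barrier between $_POST and the string-built queries
 * in this file, so it must never silently hand back anything other than an
 * escaped string.  It is legacy code: ext/mysql was removed in PHP 7 and
 * get_magic_quotes_gpc() in PHP 8, and the original fataled on the missing
 * probe instead of degrading.  The durable fix is mysqli/PDO with prepared
 * statements; escaping is kept only because ext/mysql offers nothing else.
 *
 * @param mixed $value  request value; arrays (e.g. username[]=x) are rejected
 * @return string       escaped value, '' for an array or null
 */
function mysql_prep( $value ) {
// An array cannot be escaped; return '' so the caller's trim()/strlen() chain
// keeps working on a string instead of raising a warning or TypeError.
if( is_array( $value ) ) { return ''; }
$value = (string) $value;
// Magic quotes were dropped in PHP 5.4 and the probe itself in 8.0; a missing
// probe therefore means "no magic quotes".
$magic_quotes_active = function_exists( "get_magic_quotes_gpc" ) && get_magic_quotes_gpc();
if( function_exists( "mysql_real_escape_string" ) ) { // PHP 4.3 .. 5.6 with ext/mysql
// undo any magic quote effects so mysql_real_escape_string can do the work
if( $magic_quotes_active ) { $value = stripslashes( $value ); }
$escaped = mysql_real_escape_string( $value );
// Without an open connection mysql_real_escape_string() returns false (plus a
// warning); the original then interpolated that false as ''.  Fall back to the
// charset-unaware addslashes() rather than lose the value -- the query itself
// still fails without a connection, so nothing unescaped reaches the server.
return ( $escaped === false ) ? addslashes( $value ) : $escaped;
}
// No ext/mysql: if magic quotes aren't already on then add slashes manually;
// if they are active the slashes already exist.
return $magic_quotes_active ? $value : addslashes( $value );
}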
/**
 * Send an HTTP redirect to $location and stop the script.
 *
 * Does nothing when $location is null or loosely equal to it (empty string),
 * exactly as before.  No caller is visible in this listing; only ever pass a
 * server-chosen path here -- a request-derived value would turn this into an
 * open redirect.
 *
 * @param string|null $location  target URL or path
 * @return void
 */
function redirect_to( $location = NULL ) {
if ($location == NULL) {
return; // nothing to redirect to
}
header("Location: {$location}");
exit; // never let the rest of the page render after a redirect
}
?>
<?php
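// Login handler: runs only when the form below posts its hidden marker
// klopt=waar; any other request just renders the empty form.
//
// NOTE(review): this page is built on the removed ext/mysql API and on
// string-built SQL guarded by mysql_prep() (defined earlier in this file).
// Escaping is kept because that is all ext/mysql offers; the durable fix is
// mysqli/PDO with prepared statements.  session_start() is not visible in this
// listing and is presumably done by an include -- confirm, otherwise the
// $_SESSION writes below go nowhere.
if (isset($_POST['klopt']) && $_POST['klopt'] === "waar" ) {
$errors = array();

// Only plain strings may reach the string functions below; a field posted as
// an array (username[]=x) is treated as missing.
$raw_username = (isset($_POST['username']) && is_string($_POST['username'])) ? $_POST['username'] : '';
$raw_password = (isset($_POST['password']) && is_string($_POST['password'])) ? $_POST['password'] : '';

// Length limits are checked on the trimmed *raw* input.  The original measured
// the escaped value, so every quote or backslash counted twice and a valid
// 20-character username containing one was rejected.
if ($raw_username === '') {
$errors[0] = "Username niet ingevoerd";
} elseif (strlen(trim($raw_username)) < 6 || strlen(trim($raw_username)) > 20) {
$errors[0] = "Username niet de juiste lengte";
}
if ($raw_password === '') {
$errors[1] = "Password niet ingevoerd";
} elseif (strlen(trim($raw_password)) < 6 || strlen(trim($raw_password)) > 30) {
$errors[1] = "password niet de juiste lengte";
}

// Escaped, trimmed copies for the SQL string (same transform as before).
$username = trim(mysql_prep($raw_username));
$password = trim(mysql_prep($raw_password));
// NOTE(review): the hash is computed over the *escaped* password, so a password
// containing a quote is hashed with a backslash in it.  It is kept that way
// because the stored hashes were presumably produced by the same transform at
// registration; changing it here alone would lock those accounts out.
// Unsalted sha1 is not an acceptable password hash -- plan a migration to
// password_hash()/password_verify() (the column must then hold at least 60
// characters).
$hashed_password = sha1($password);

if ( empty($errors) ) {
// Look the account up by username only and compare the hash in PHP: the
// comparison is constant-time and the hash never has to be interpolated
// into SQL.
$query  = "SELECT id_accounts, username, voornaam, rechten, hashed_password ";
$query .= "FROM accounts ";
$query .= "WHERE username = '{$username}' ";
$query .= "LIMIT 1";
$result = mysql_query($query);
if (!$result) {
// Keep the driver's error text out of the response: it exposes table and
// column names to whoever is probing the login form.
error_log("login.php: database query failed: " . mysql_error());
die("Database query failed.");
}

$found_user = (mysql_num_rows($result) == 1) ? mysql_fetch_array($result) : false;
$authenticated = false;
if ($found_user && isset($found_user['hashed_password'])) {
$stored_hash = (string) $found_user['hashed_password'];
// hash_equals() exists from PHP 5.6; older builds fall back to a plain
// (non-constant-time) comparison rather than failing to run.
$authenticated = function_exists('hash_equals')
? hash_equals($stored_hash, $hashed_password)
: ($stored_hash === $hashed_password);
}

if ($authenticated) {
// Rights must be known before the account is placed in the session; the
// original populated $_SESSION first and only then bailed out on an unknown
// value, leaving a half-logged-in user behind.
$rechten = isset($found_user['rechten']) ? (string) $found_user['rechten'] : null;
if ($rechten !== '1' && $rechten !== '0') {
exit;
}
// Fresh session id on privilege change, so an id handed to the victim before
// login (session fixation) is not carried over into the authenticated session.
if (session_id() !== '') {
session_regenerate_id(true);
}
$_SESSION['id_accounts'] = $found_user['id_accounts'];
$_SESSION['username'] = $found_user['username'];
$_SESSION['voornaam'] = $found_user['voornaam'];
$_SESSION['rechten'] = $found_user['rechten'];
if ($rechten === '1') {
header("Location: admin.php");
} else {
header("Location: klant.php");
}
exit; // the original let the klant.php branch fall through and render the form
} else {
// Deliberately the same message for an unknown user and a wrong password.
$message = "<br />Username/password combination incorrect.<br />
Please make sure your caps lock key is off and try again.";
}
} else {
// Show every validation error; the original overwrote the username error with
// the password one whenever both were set.
$message = "";
foreach ($errors as $error) {
$message .= "<br />" . $error . "<br />";
}
}
} else {
$username = "";
$password = "";
}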
?>
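<div id="content">
<h1>Login</h1>
<!-- NOTE(review): the hidden klopt=waar field is a constant, so it only tells
     login.php that the form was submitted; it is not a CSRF token.  A per-session
     token, checked server-side before the credentials are used, is still missing.
     $message, built by the PHP above, is not echoed anywhere in this listing. -->
<form action="login.php" method="post" name="f1">
<table align="center">
<tr>
<th>Username:</th>
<!-- maxlength now matches the 6..20 limit enforced server-side (was 30) -->
<td align="center"><input type="text" name="username" maxlength="20" autocomplete="username" value="" /></td>
</tr>
<tr>
<th>Password:</th>
<td align="center"><input type="password" name="password" maxlength="30" autocomplete="current-password" value="" /></td>
</tr>
<tr>
<!-- the hidden input used to sit directly inside <tr>, which is invalid markup
     that browsers only repair by moving it out of the table -->
<td colspan="2" align="center">
<input type="hidden" name="klopt" value="waar" />
<input type="submit" name="submit" value="Login" />
</td>
</tr>
</table>
</form>
</div>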