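getToken(); $_SESSION['token'] = $token; }
// NOTE(review): the statement and the block closed on the line above begin
// before this excerpt; they are kept exactly as found.

// Login handler: issues the per-session identifiers, validates the CSRF value
// on POST and checks the submitted credentials against the `users` table.

$_SESSION['admin-uuid'] = $cryptography->uniqueID();

// empty() is also true for an unset key, so a single test covers both cases.
if (empty($_SESSION['admin-uuid'])) {
    header("location: ../error/3/");
    exit;
}

// create a new admin token
// The value is built once per session from four uniqueID() calls and is the
// value the posted `csrf` field is compared against below.
// NOTE(review): its unpredictability depends entirely on uniqueID(); confirm
// that helper draws from a CSPRNG (random_bytes()/random_int()).
if (!isset($_SESSION['uuid'])) {
    $token = '';
    for ($i = 0; $i < 4; $i++) {
        $token .= $cryptography->uniqueID();
    }
    $_SESSION['uuid'] = $token;
} else {
    $token = $_SESSION['uuid'];
}

// Constant-time comparison of the CSRF value. is_string() rejects array-shaped
// input (csrf[]=...), which hash_equals() would otherwise raise a TypeError on.
$csrfValid = isset($_POST['csrf'])
    && is_string($_POST['csrf'])
    && hash_equals((string) $_SESSION['uuid'], $_POST['csrf']);

// Presence is checked on $_POST, the same superglobal the values are read
// from; the original tested $_REQUEST, which GET or cookie data can satisfy.
$hasCredentials = isset($_POST['username'], $_POST['password'])
    && is_string($_POST['username'])
    && is_string($_POST['password'])
    && $_POST['password'] !== '';

if ($csrfValid && $hasCredentials) {
    $username = $db->clean($_POST["username"], 'encode');
    // NOTE(review): the password goes through clean(..., 'encode') before
    // password_verify(); this only works if the same transformation was applied
    // when the hash was created. Verify against the registration code.
    $password = $db->clean($_POST["password"], 'encode');

    $result = $db->select('users', '*', 'username', $username);
    $result_attempt = $db->query('select * from `users` WHERE role = 1');

    $userFound = count($result) >= 1;
    $passwordOk = $userFound && password_verify($password, $result[0]['password']);

    if ($passwordOk) {
        // Successful login resets the failure counter kept on row id 1.
        $db->update('users', ['attempts'], [0], 1);

        // Issue a fresh session id and delete the pre-login one, so an id that
        // was known before authentication cannot be reused afterwards.
        session_regenerate_id(true);

        $_SESSION['uid'] = $db->intcast($result[0]['id']);
        // NOTE(review): the whole user row, including the password hash, is
        // stored in the session. Consider dropping the `password` key once no
        // other page reads it from $_SESSION['profile'].
        $_SESSION['profile'] = $result[0];
        $_SESSION['loggedin'] = '1';
        $_SESSION['ip'] = $_SERVER['REMOTE_ADDR'];
        session_commit();
        header("Location: ../index.php");
        exit;
    }

    // Failed attempt. Unknown usernames and wrong passwords are handled the
    // same way, so the response does not reveal whether the account exists.
    // The original incremented the counter only for unknown usernames, which
    // left wrong-password guesses against a real account uncounted.
    // The counter is read from the first role = 1 row and written to row id 1
    // (presumably the same row; confirm against the schema).
    $attempts = (int) ($result_attempt[0]['attempts'] ?? 0);

    if ($attempts >= MAX_LOGIN_ATTEMPTS) {
        // NOTE(review): a correct password is still accepted above once the
        // limit is reached, so the counter alone does not stop guessing.
        // Enforcing it before verification needs an unlock or expiry path,
        // which is not visible in this excerpt.
        header("location: ../error/1/");
        $may_login = false;
        exit;
    }

    $db->update('users', ['attempts'], [$attempts + 1], 1);
}
?>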

Login