added user agent string to session variable

master
BodgeMaster 2020-02-24 04:15:21 +01:00
parent 3f429d4872
commit becf293628
1 changed files with 5 additions and 5 deletions


@ -1,19 +1,19 @@
<?php <?php
session_start(); session_start();
$username = $_POST['username'];
$password = $_POST['password'];
$pdo = new PDO('mysql:host=localhost;dbname=web', 'webstuff', 'Schei// auf Pa$$w0rter!'); $pdo = new PDO('mysql:host=localhost;dbname=web', 'webstuff', 'Schei// auf Pa$$w0rter!');
$statement = $pdo->prepare('SELECT id, authentication_algorithm, authentication_salt, authentication_string FROM users WHERE name = :username;'); $statement = $pdo->prepare('SELECT id, authentication_algorithm, authentication_salt, authentication_string FROM users WHERE name = :username;');
$result = $statement->execute(array('username' => $username)); $result = $statement->execute(array('username' => $_POST['username']));
if ($statement->rowCount() > 0) { if ($statement->rowCount() > 0) {
//existing user name //existing user name
$dbentry = $statement->fetch(); $dbentry = $statement->fetch();
//chechk for correct password //chechk for correct password
if ($dbentry['authentication_string'] == hash($dbentry['authentication_algorithm'], $password . $dbentry['authentication_salt'])) { if ($dbentry['authentication_string'] == hash($dbentry['authentication_algorithm'], $_POST['password'] . $dbentry['authentication_salt'])) {
//password correct //password correct
$_SESSION['user_id'] = $dbentry['id']; $_SESSION['user_id'] = $dbentry['id'];
$_SESSION['user_ip'] = $_SERVER['REMOTE_ADDR']; //ip will be used to prevent session stealing // IP and user agent string are used to prevent cheap session stealing
$_SESSION['user_ip'] = $_SERVER['REMOTE_ADDR'];
$_SESSION['user_http_user_agent'] = $_SERVER['HTTP_USER_AGENT'];
header("Location: https://lostcave.ddnss.de/common/threadr/userhome/"); header("Location: https://lostcave.ddnss.de/common/threadr/userhome/");
} else { } else {
//password inorrect //password inorrect