prepare('SELECT id, emailadd, password FROM tblusers WHERE emailadd = :emailadd AND accstatus = \'active\'');
$stmt->bindParam(':emailadd', $email, PDO::PARAM_STR);
$stmt->execute();
$stmt->setFetchMode(PDO::FETCH_ASSOC);
$row = $stmt->fetch();
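// Legacy-hash migration: check whether the stored value is still the old
// unsalted MD5 digest of the submitted password ("not yet converted").
//
// hash_equals() (PHP >= 5.6) replaces the loose `==` here for two reasons:
//   - `==` compares two numeric-looking strings as numbers, so digests of the
//     form "0e<digits>" would compare equal to each other;
//   - hash_equals() compares in constant time.
// The is_array()/is_string() guards cover the case where fetch() returned
// false because no active account matched the e-mail address.
$hasLegacyHash = is_array($row)
    && isset($row['password'])
    && is_string($row['password'])
    && hash_equals($row['password'], md5($rawPass));

if($hasLegacyHash)
{
    // convertPassword() is defined elsewhere; presumably it replaces the stored
    // MD5 digest with a hash in the current scheme -- confirm against its
    // definition. A false return is reported with the same generic message
    // used for a failed login.
    if(convertPassword($rawPass, $row['password'], $row['emailadd']) === false)
    {
        $error = 'Username and/or password is incorrect, please try again.';
    }

    // Re-read the row so the validation step below sees the converted hash.
    // The column list matches the initial lookup (id, emailadd, password) so
    // that later code reading $row['id'] still finds it after a conversion.
    $stmt = $db->prepare('SELECT id, emailadd, password FROM tblusers WHERE emailadd = :emailadd AND accstatus = \'active\'');
    $stmt->bindParam(':emailadd', $email, PDO::PARAM_STR);
    $stmt->execute();
    $stmt->setFetchMode(PDO::FETCH_ASSOC);
    $row = $stmt->fetch();
}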
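if(strlen($error) === 0)
{
    // Fail closed: $userArr is only populated after the password has been
    // validated, so start from a known "not authenticated" value instead of
    // relying on the variable being undefined.
    $userArr = false;

    // Password previously converted, validate password.
    // $row is false when no active account matched the e-mail address, so it
    // is checked before its 'password' element is handed to the validator.
    if(is_array($row) && isset($row['password']) && Password::validatePassword($rawPass, $row['password']) === true)
    {
        $stmt = $db->prepare('SELECT id, emailadd, username, utype FROM tblusers WHERE emailadd = :emailadd AND accstatus = \'active\'');
        $stmt->bindParam(':emailadd', $email, PDO::PARAM_STR);
        $stmt->execute();
        $stmt->setFetchMode(PDO::FETCH_ASSOC);
        $userArr = $stmt->fetch();
    }

    if (!$userArr)
    {
        // Same generic message for "unknown account" and "wrong password" so
        // the response does not reveal which e-mail addresses are registered.
        $error = "Username and/or password is incorrect, please try again.";
    }
    else
    {
        // login
        // Issue a fresh session id at the privilege change so an id that was
        // known before authentication cannot be reused afterwards (session
        // fixation). Guarded because session_regenerate_id() needs an active
        // session.
        if(session_status() === PHP_SESSION_ACTIVE)
        {
            session_regenerate_id(true);
        }

        $_SESSION['userid'] = $userArr['id'];
        $_SESSION['email'] = $userArr['emailadd'];
        $_SESSION['loggedin'] = true;
        $_SESSION['forum_user'] = $userArr['username'];
        $_SESSION['utype'] = $userArr['utype'];

        // update last login info
        // NOTE(review): getUserIpAddress() is defined elsewhere. If it reads
        // client-supplied proxy headers, the value should be validated as an
        // IP address before it is stored and placed in the e-mail subject
        // below -- confirm.
        $ip = getUserIpAddress();
        $sql = "UPDATE tblusers SET lastlogin = NOW(), lastloginip=? WHERE id=?";
        $q = $db->prepare($sql);
        // Use the id from the authenticated row: $row is re-fetched with a
        // narrower column list after a legacy-hash conversion, so $row['id']
        // is not set on that path and the update would match no record.
        $q->execute(array($ip, $userArr['id']));

        // log login attempt (the password column is deliberately left empty)
        $sql = "INSERT INTO login_attempts (user, pass, dateaction, userip, status) VALUES (:user, :pass, NOW(), :userip, 'success')";
        $q = $db->prepare($sql);
        $q->execute(array(
            ':user' => $email,
            ':pass' => '',
            ':userip' => $ip,
        ));

        // admin users
        if(in_array($_SESSION['utype'], array('admin', 'support'), true))
        {
            if(ENVIRONMENT == 'LIVE')
            {
                // send email notification of login
                // NOTE(review): the recipient address is hard-coded here; it
                // would be easier to rotate if it came from configuration.
                // NOTE(review): the str_replace() replacement below is a
                // literal line break as it appears on this page, which makes
                // the call a no-op; it was presumably an HTML line break in
                // the original file -- confirm.
                $content = "New ".$_SESSION['utype']." login on mfscripts from IP: " . $ip . "\n\n";
                $content .= "*******************************************************\n";
                sendEmail(strtoupper($_SESSION['utype']).' LOGIN! On Mfscripts.com. IP: '.$ip, str_replace("\n", "
", $content), 'redlorry919@gmail.com', 'redlorry919@gmail.com', 'Admin');
            }

            // redirect to admin area
            redirect(SITE_URL.'/_admin_/index.html');
        }
        else
        {
            // non admin users
            // Explicit else: whether redirect() ends the request is not
            // visible here, so do not rely on it to keep privileged users
            // from falling through to the account-home redirect.
            redirect(SITE_URL.'/account-home.html');
        }
    }
}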
}
}
// include header section
include_once('_header.inc.php');
?>
Login to MFScripts using the secure form below:
Forgot your Password?