Gitiles
Code Review Sign In
gerrit.avm99963.com / edu / fisi-pastanagapp / 20af6c22073e86d16c03a2f1f3e9186e3bc94a86 / . / php / login.php
blob: 45575e35f68b4bf4bbce65ed5e20267c9a30be05 [file] [log] [blame]
Andreu0d72bd62019-09-17 23:31:14 +0200[diff] [blame]1<?php
Andreu2457e402019-09-22 00:52:41 +0200[diff] [blame]2 require '../credentials.php';
Andreuabbcb7e2019-09-21 18:22:14 +0200[diff] [blame]3 require 'utils.php';
Andreu20af6c22019-09-24 18:33:50 +0200[diff] [blame^]4
5 $credentials = new Credentials();
6 $usersdb = $credentials->usersdb;
7 $mortsdb = $credentials->mortsdb;
8
Andreu09b8b052019-09-21 21:47:20 +0200[diff] [blame]9 // Set the 'user' POST and COOKIE variable
Andreu20cbd1d2019-09-22 00:00:57 +0200[diff] [blame]10 $user = '';
11 if (isset($_POST['user'])) $user = $_POST['user'];
12 else if (isset($_COOKIE['user'])) $user = $_COOKIE['user'];
13 else {
Andreu4b2fbd92019-09-22 22:30:25 +0200[diff] [blame]14 die("<script>window.location.href = '../index.php'</script>");
Andreu09b8b052019-09-21 21:47:20 +0200[diff] [blame]15 }
16
Andreu20cbd1d2019-09-22 00:00:57 +0200[diff] [blame]17 // Check if password is correct
Andreu20af6c22019-09-24 18:33:50 +0200[diff] [blame^]18 $query_password = "SELECT password FROM $usersdb WHERE id=".$user;
Andreu20cbd1d2019-09-22 00:00:57 +0200[diff] [blame]19 $real_password = query($query_password)->fetch_row()[0];
20
21 // Prioritize input rather than memory
22 $password = '';
23 if (isset($_POST['password'])) $password = $_POST['password'];
24 else if (isset($_COOKIE['password'])) $password = $_COOKIE['password'];
25
26 // Redirect if wrong
27 if ($real_password != "" && $real_password != md5($password)) {
Andreu543e70c2019-09-22 14:08:49 +0200[diff] [blame]28 // Forget cookies
29 setcookie('user', '', -1, "/");
30 setcookie('password', '', -1, "/");
31
Andreu4b2fbd92019-09-22 22:30:25 +0200[diff] [blame]32 die("<script>window.location.href = '../index.php?wrongpassword=1'</script>");
Andreu20cbd1d2019-09-22 00:00:57 +0200[diff] [blame]33 }
34
35 // Save variables as cookies
36 setcookie('user', $user, time() + (86400 * 10), "/");
Andreu543e70c2019-09-22 14:08:49 +0200[diff] [blame]37 if ($real_password != "") setcookie('password', md5($password), time() + (86400 * 10), "/");
Andreu20cbd1d2019-09-22 00:00:57 +0200[diff] [blame]38 else setcookie('password', '', -1, "/");
39
40 // Success, proceed to main page
Andreua0fc8272019-09-23 00:35:25 +0200[diff] [blame]41 die("<script>window.location.href = '../main.php';</script>");
Andreu0d72bd62019-09-17 23:31:14 +0200[diff] [blame]42?>