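<?php
// Login handler: resolves the user id and password from the submitted form
// (or, failing that, from the remembered cookies), checks the password against
// the stored hash, refreshes the cookies and redirects to the main page.
require 'utils.php';

// Form input takes priority over the remembered cookie. Both sources are
// controlled by the client and are treated as untrusted from here on.
$user = '';
if (isset($_POST['user'])) {
    $user = $_POST['user'];
} elseif (isset($_COOKIE['user'])) {
    $user = $_COOKIE['user'];
} else {
    header("Location: ../index.php");
    die();
}

// The id is concatenated unquoted into the SQL text below, so only a plain run
// of decimal digits is accepted. Anything else (arrays, empty strings, SQL
// fragments) is rejected before it can reach the query.
// NOTE(review): assumes users.id is an integer column - confirm against the schema.
if (!is_string($user) || !ctype_digit($user)) {
    header("Location: ../index.php");
    die();
}

// Look up the stored password hash for this user.
// NOTE(review): query() comes from utils.php and only accepts a finished SQL
// string here; if it can be given a prepared-statement variant, bind $user
// instead of concatenating it.
$query_password = "SELECT password FROM users WHERE id=" . $user;
$result = query($query_password);
$row = $result ? $result->fetch_row() : null;

// An unknown id used to fall through as "no password set" and was let in.
// Treat a missing row as a failed login instead.
if (!is_array($row)) {
    header("Location: ../index.php");
    die();
}
$real_password = (string) $row[0];

// Form input takes priority over the remembered cookie.
$password = '';
if (isset($_POST['password'])) {
    $password = $_POST['password'];
} elseif (isset($_COOKIE['password'])) {
    $password = $_COOKIE['password'];
}
// A parameter sent as an array (password[]=...) cannot be hashed; treat it as
// an empty, non-matching password.
if (!is_string($password)) {
    $password = '';
}

// An empty stored value means the account has no password and any input passes.
// hash_equals() replaces the loose != comparison: with !=, two different hashes
// that both look like numbers (e.g. "0e" followed by digits) compare as equal,
// and the comparison is not constant-time.
// NOTE(review): the stored value is an unsalted MD5 digest. Moving to
// password_hash()/password_verify() needs a data migration, so it is only
// flagged here rather than changed.
if ($real_password !== '' && !hash_equals($real_password, md5($password))) {
    header("Location: ../index.php?wrongpassword=1");
    die();
}

// Remember the login for 10 days.
// NOTE(review): the 'password' cookie holds the clear-text password on the
// client, and neither cookie sets HttpOnly, Secure or SameSite. A server-side
// session or a random token would avoid keeping the password in the browser;
// left unchanged because other pages may read these cookies.
$expires = time() + (86400 * 10);
setcookie('user', $user, $expires, "/");
if ($real_password !== '') {
    setcookie('password', $password, $expires, "/");
} else {
    // Account without a password: expire any stale password cookie.
    setcookie('password', '', -1, "/");
}

// Success, proceed to main page
header("Location: ../main.php");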