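<?php
require 'utils.php';

// Login handler: takes the user id and password from POST (preferred) or from
// the cookies written by an earlier login, checks the password against the
// `users` table, refreshes the cookies and redirects to the main page.

// Resolve the 'user' value; POST input wins over the stored cookie.
$user = '';
if (isset($_POST['user'])) $user = $_POST['user'];
else if (isset($_COOKIE['user'])) $user = $_COOKIE['user'];
else {
    header("Location: ../index.php");
    die();
}

// $user is request-controlled and is concatenated into the SQL text below, so
// only a plain decimal id is accepted. Array-valued parameters (user[]=...)
// and anything containing non-digits are rejected before the query is built.
if (!is_string($user) || !ctype_digit($user)) {
    header("Location: ../index.php");
    die();
}

// Fetch the stored password hash for this user.
// NOTE(review): query() lives in utils.php, which is not visible here. If it
// can bind parameters, a prepared statement is preferable to concatenation;
// the digit-only check above is what keeps this statement safe as written.
$query_password = "SELECT password FROM users WHERE id=".$user;
$result = query($query_password);
$row = $result ? $result->fetch_row() : null;

// An id with no matching row must not fall through as a password-less
// account, which is what indexing a missing row would produce.
if (!$row) {
    header("Location: ../index.php");
    die();
}
$real_password = (string) $row[0];

// Prioritize input rather than memory
$password = '';
if (isset($_POST['password'])) $password = $_POST['password'];
else if (isset($_COOKIE['password'])) $password = $_COOKIE['password'];

// Redirect if wrong. An empty stored hash means the account has no password.
// hash_equals() compares the two hex strings byte for byte: a loose != treats
// digests that look like numbers (e.g. "0e" followed by digits) as equal, and
// it is not constant-time.
// NOTE(review): unsalted MD5 is not a password hash. password_hash() and
// password_verify() are the replacement, but that needs the stored values
// migrated, so the scheme is left unchanged here.
if ($real_password !== '' && (!is_string($password) || !hash_equals($real_password, md5($password)))) {
    header("Location: ../index.php?wrongpassword=1");
    die();
}

// Save variables as cookies (10 days).
// NOTE(review): the 'password' cookie holds the plaintext password and neither
// cookie sets the HttpOnly or Secure flag. A server-side session or a random
// token would avoid storing the secret client-side; other pages may read these
// cookies, so confirm against them before changing this.
setcookie('user', $user, time() + (86400 * 10), "/");
if ($real_password !== '') setcookie('password', $password, time() + (86400 * 10), "/");
else setcookie('password', '', -1, "/");

// Success, proceed to main page
header("Location: ../main.php");
die();
?>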