<?php
require '../credentials.php';
require 'utils.php';

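// Login handler: resolves the user id and password from the request, checks
// them against the users table, then sets or clears the login cookies and
// redirects with a client-side script.

// Resolve the user id; a submitted form value takes priority over the cookie.
$user = '';
if (isset($_POST['user'])) {
    $user = $_POST['user'];
} elseif (isset($_COOKIE['user'])) {
    $user = $_COOKIE['user'];
} else {
    die("<script>window.location.href = '../index.php'</script>");
}

// Same priority for the password: request input first, remembered cookie second.
$password = '';
if (isset($_POST['password'])) {
    $password = $_POST['password'];
} elseif (isset($_COOKIE['password'])) {
    $password = $_COOKIE['password'];
}

// Both values are client-controlled and $user is concatenated into the SQL
// text below, so only a plain decimal id is accepted. Array-valued parameters
// (user[]=..., password[]=...) are rejected as well, because md5() and the
// string concatenation expect strings.
$valid_input = is_string($user)
    && is_string($password)
    && preg_match('/\A[0-9]+\z/', $user) === 1;

// null means "no such user"; '' means the account exists without a password.
$real_password = null;
if ($valid_input) {
    $query_password = "SELECT password FROM users WHERE id=" . $user;
    $result = query($query_password);
    // query() is defined in utils.php; guard against a non-object result so a
    // failed query is treated as a failed login instead of a fatal error.
    $row = is_object($result) ? $result->fetch_row() : null;
    if (is_array($row)) {
        $real_password = (string) $row[0];
    }
}

// An unknown user id must fail. Previously a missing row produced an empty
// value, which was indistinguishable from a passwordless account and let the
// request through.
// hash_equals() replaces the loose != comparison: it is constant-time and is
// not affected by numeric-string juggling (two different "0e..." digests
// compare equal under == / !=).
// NOTE(review): unsalted MD5 is not a suitable password hash. Moving to
// password_hash()/password_verify() also requires changing the code that
// writes users.password, which is not in this file.
// NOTE(review): a 'password' cookie written at the end of this script already
// holds an MD5 digest, so it is hashed a second time here and cannot match for
// accounts that have a password. Presumably other pages compare the cookie to
// the stored hash directly - confirm.
$authenticated = $real_password !== null
    && ($real_password === '' || hash_equals($real_password, md5($password)));

if (!$authenticated) {
    // Forget cookies, so that a stale or malformed value is not replayed.
    setcookie('user', '', -1, "/");
    setcookie('password', '', -1, "/");

    die("<script>window.location.href = '../index.php?wrongpassword=1'</script>");
}

// Remember the login for ten days.
$expires = time() + (86400 * 10);
// Mark cookies Secure only when this request arrived over HTTPS, so that a
// plain-HTTP deployment keeps working.
$secure = !empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] !== 'off';

// NOTE(review): HttpOnly is left off here because it is not visible from this
// file whether client-side script reads the 'user' cookie - confirm and enable.
setcookie('user', $user, $expires, "/", "", $secure, false);
if ($real_password !== '') {
    // NOTE(review): this cookie is equivalent to the stored credential. A random
    // server-side session token would avoid exposing it. HttpOnly keeps it out
    // of reach of page scripts.
    setcookie('password', md5($password), $expires, "/", "", $secure, true);
} else {
    setcookie('password', '', -1, "/");
}

// Success, proceed to main page
die("<script>window.location.href = '../main.php';</script>");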
?>