Gitiles
Code Review Sign In
gerrit.avm99963.com / edu / fisi-pastanagapp / 2457e40b69504575367718a0c2e85aee5439db0f / . / php / login.php
blob: 4219e2c72d13356dd0ef7887e9dc6a3bb992f10d [file] [log] [blame]
Andreu0d72bd62019-09-17 23:31:14 +0200[diff] [blame]1<?php
Andreu2457e402019-09-22 00:52:41 +0200[diff] [blame^]2 require '../credentials.php';
Andreuabbcb7e2019-09-21 18:22:14 +0200[diff] [blame]3 require 'utils.php';
Andreuefe66eb2019-09-21 18:41:49 +0200[diff] [blame]4
Andreu09b8b052019-09-21 21:47:20 +0200[diff] [blame]5 // Set the 'user' POST and COOKIE variable
Andreu20cbd1d2019-09-22 00:00:57 +0200[diff] [blame]6 $user = '';
7 if (isset($_POST['user'])) $user = $_POST['user'];
8 else if (isset($_COOKIE['user'])) $user = $_COOKIE['user'];
9 else {
10 header("Location: ../index.php");
Andreu09b8b052019-09-21 21:47:20 +0200[diff] [blame]11 die();
12 }
13
Andreu20cbd1d2019-09-22 00:00:57 +0200[diff] [blame]14 // Check if password is correct
15 $query_password = "SELECT password FROM users WHERE id=".$user;
16 $real_password = query($query_password)->fetch_row()[0];
17
18 // Prioritize input rather than memory
19 $password = '';
20 if (isset($_POST['password'])) $password = $_POST['password'];
21 else if (isset($_COOKIE['password'])) $password = $_COOKIE['password'];
22
23 // Redirect if wrong
24 if ($real_password != "" && $real_password != md5($password)) {
25 header("Location: ../index.php?wrongpassword=1");
26 die();
27 }
28
29 // Save variables as cookies
30 setcookie('user', $user, time() + (86400 * 10), "/");
31 if ($real_password != "") setcookie('password', $password, time() + (86400 * 10), "/");
32 else setcookie('password', '', -1, "/");
33
34 // Success, proceed to main page
Andreu09b8b052019-09-21 21:47:20 +0200[diff] [blame]35 header("Location: ../main.php");
Andreu0d72bd62019-09-17 23:31:14 +0200[diff] [blame]36?>