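<?php
/**
 * Login handler.
 *
 * Reads the user id and password from POST (preferred) or from cookies,
 * compares the MD5 of the supplied password with the hash stored in the
 * users table, then refreshes the 'user'/'password' cookies and sends the
 * browser to main.php. On failure both cookies are cleared and the browser
 * is sent back to index.php.
 *
 * An empty stored password means the account has no password and any input
 * is accepted (behaviour kept from the original script).
 *
 * NOTE(review): passwords are stored and compared as unsalted MD5. Moving to
 * password_hash()/password_verify() needs a schema/data migration that is
 * outside this file, so it is only flagged here.
 */
require '../credentials.php';
require 'utils.php';

$credentials = new Credentials();
$usersdb = $credentials->usersdb;
$mortsdb = $credentials->mortsdb;

// Single failure path: forget both cookies and return to the login page.
// Used for every rejection so the response does not reveal which check failed.
$rejectLogin = static function () {
    setcookie('user', '', -1, "/");
    setcookie('password', '', -1, "/");

    die("<script>window.location.href = '../index.php?wrongpassword=1'</script>");
};

// Resolve the user id, prioritising the submitted form over the cookie.
$user = $_POST['user'] ?? $_COOKIE['user'] ?? null;
if ($user === null) {
    die("<script>window.location.href = '../index.php'</script>");
}

// The id is concatenated into the SQL text below, and both POST and cookie
// values are client-controlled. Accept only a plain run of digits so nothing
// but a numeric literal can reach the query (this also rejects array input).
// NOTE(review): the proper fix is a prepared statement with a bound parameter
// inside the query() helper; that helper lives in utils.php and is not visible
// here. Assumes ids are non-negative integers - confirm against the schema.
if (!is_string($user) || preg_match('/\A[0-9]+\z/', $user) !== 1) {
    $rejectLogin();
}

// Fetch the stored password hash for this id.
$query_password = "SELECT password FROM $usersdb WHERE id=" . $user;
$result = query($query_password);
$row = $result ? $result->fetch_row() : null;

// No row means the id does not exist. The original read index 0 of a missing
// row, got an empty value, and treated the request as a password-less account,
// which authenticated unknown ids. Reject instead.
if (!$row) {
    $rejectLogin();
}
$real_password = (string) $row[0];

// Prioritize input rather than memory (POST before cookie).
// NOTE(review): the 'password' cookie written below already holds
// md5(password), and it is hashed again before the comparison, so a cookie
// value will presumably never match here - confirm whether the cookie path is
// meant to work in this script.
$password = $_POST['password'] ?? $_COOKIE['password'] ?? '';
if (!is_string($password)) {
    $rejectLogin();
}

// hash_equals() compares the two hex digests byte for byte and in constant
// time. The previous loose != compared numeric-looking strings as numbers, so
// two different digests could be treated as equal.
if ($real_password !== '' && !hash_equals($real_password, md5($password))) {
    $rejectLogin();
}

// Save variables as cookies (10 days).
// NOTE(review): the password cookie carries the stored hash itself and is set
// without the Secure/HttpOnly flags; a server-side session id would avoid
// keeping a password-equivalent value in the browser. Left unchanged because
// other pages may read these cookies.
setcookie('user', $user, time() + (86400 * 10), "/");
if ($real_password !== '') {
    setcookie('password', md5($password), time() + (86400 * 10), "/");
} else {
    setcookie('password', '', -1, "/");
}

// Success, proceed to main page
die("<script>window.location.href = '../main.php';</script>");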