Andreu | 0d72bd6 | 2019-09-17 23:31:14 +0200 | [diff] [blame] | 1 | <?php |
Andreu | 2457e40 | 2019-09-22 00:52:41 +0200 | [diff] [blame] | 2 | require '../credentials.php'; |
Andreu | abbcb7e | 2019-09-21 18:22:14 +0200 | [diff] [blame] | 3 | require 'utils.php'; |
Andreu | efe66eb | 2019-09-21 18:41:49 +0200 | [diff] [blame] | 4 | |
Andreu | 09b8b05 | 2019-09-21 21:47:20 +0200 | [diff] [blame] | 5 | // Set the 'user' POST and COOKIE variable |
Andreu | 20cbd1d | 2019-09-22 00:00:57 +0200 | [diff] [blame] | 6 | $user = ''; |
| 7 | if (isset($_POST['user'])) $user = $_POST['user']; |
| 8 | else if (isset($_COOKIE['user'])) $user = $_COOKIE['user']; |
| 9 | else { |
| 10 | header("Location: ../index.php"); |
Andreu | 09b8b05 | 2019-09-21 21:47:20 +0200 | [diff] [blame] | 11 | die(); |
| 12 | } |
| 13 | |
Andreu | 20cbd1d | 2019-09-22 00:00:57 +0200 | [diff] [blame] | 14 | // Check if password is correct |
| 15 | $query_password = "SELECT password FROM users WHERE id=".$user; |
| 16 | $real_password = query($query_password)->fetch_row()[0]; |
| 17 | |
| 18 | // Prioritize input rather than memory |
| 19 | $password = ''; |
| 20 | if (isset($_POST['password'])) $password = $_POST['password']; |
| 21 | else if (isset($_COOKIE['password'])) $password = $_COOKIE['password']; |
| 22 | |
| 23 | // Redirect if wrong |
| 24 | if ($real_password != "" && $real_password != md5($password)) { |
Andreu | 543e70c | 2019-09-22 14:08:49 +0200 | [diff] [blame] | 25 | // Forget cookies |
| 26 | setcookie('user', '', -1, "/"); |
| 27 | setcookie('password', '', -1, "/"); |
| 28 | |
Andreu | 20cbd1d | 2019-09-22 00:00:57 +0200 | [diff] [blame] | 29 | header("Location: ../index.php?wrongpassword=1"); |
| 30 | die(); |
| 31 | } |
| 32 | |
| 33 | // Save variables as cookies |
| 34 | setcookie('user', $user, time() + (86400 * 10), "/"); |
Andreu | 543e70c | 2019-09-22 14:08:49 +0200 | [diff] [blame] | 35 | if ($real_password != "") setcookie('password', md5($password), time() + (86400 * 10), "/"); |
Andreu | 20cbd1d | 2019-09-22 00:00:57 +0200 | [diff] [blame] | 36 | else setcookie('password', '', -1, "/"); |
| 37 | |
| 38 | // Success, proceed to main page |
Andreu | 09b8b05 | 2019-09-21 21:47:20 +0200 | [diff] [blame] | 39 | header("Location: ../main.php"); |
Andreu | 0d72bd6 | 2019-09-17 23:31:14 +0200 | [diff] [blame] | 40 | ?> |