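<?php
// Login handler. Reads the user id and password from POST (falling back to
// cookies), checks the password against the users table and, on success,
// stores both values as cookies and redirects to the main page.
//
// NOTE(review): passwords are stored and compared as unsalted MD5, which is
// not a password hash. Moving to password_hash()/password_verify() needs a
// migration of the stored values and of every page that reads the 'password'
// cookie, so it is flagged here rather than changed in this file alone.
require '../credentials.php';
require 'utils.php';

$credentials = new Credentials();
$usersdb = $credentials->usersdb;
$mortsdb = $credentials->mortsdb;

date_default_timezone_set("Europe/Madrid");

// Set the 'user' POST and COOKIE variable
$user = '';
if (isset($_POST['user']) && $_POST['user'] != '') $user = $_POST['user'];
else if (isset($_COOKIE['user'])) $user = $_COOKIE['user'];
else {
    die("<script>window.location.href = '../?wronguser=1'</script>");
}

// $user is concatenated unquoted into the SQL statement below, so anything
// other than a plain decimal id is rejected before it reaches the query.
// Arrays sent as user[]=... are rejected here too.
// Assumes ids are non-negative integers; confirm against the users table.
if (!is_string($user) || preg_match('/^[0-9]+$/D', $user) !== 1) {
    // Forget cookies, as the wrong-password path does
    setcookie('user', '', -1, "/");
    setcookie('password', '', -1, "/");

    die("<script>window.location.href = '../?wronguser=1'</script>");
}

// Look up the stored password hash. $usersdb comes from the server-side
// credentials file; $user has been validated as digits only above.
// query() is defined in utils.php; a prepared statement would be the
// preferred fix if that helper supports bound parameters.
$query_password = "SELECT password FROM $usersdb WHERE id=".$user;
$row = query($query_password)->fetch_row();

// No matching row means the id does not exist. Without this check the stored
// password would read as empty and the login would succeed for an unknown id.
if (!is_array($row)) {
    setcookie('user', '', -1, "/");
    setcookie('password', '', -1, "/");

    die("<script>window.location.href = '../?wronguser=1'</script>");
}

// An empty or NULL stored value means the account has no password set.
$real_password = (string) $row[0];

// Prioritize input rather than memory
// NOTE(review): the cookie written below holds md5(password), and it is
// hashed again further down when used as a fallback, so a cookie-only request
// cannot match a stored hash here. Confirm whether that is intended.
$password = '';
if (isset($_POST['password'])) $password = $_POST['password'];
else if (isset($_COOKIE['password'])) $password = $_COOKIE['password'];

// The hard-coded shared password that used to skip the check for any user id
// has been removed: anyone able to read this file could sign in as any
// account. Administrative access should go through an authenticated admin
// account instead.

// Constant-time comparison of the two hex digests. The loose != used before
// treats digests that look like numbers (for example "0e..." followed only by
// digits) as equal, and a non-string password must never reach md5().
$password_ok = is_string($password) && hash_equals($real_password, md5($password));

// Redirect if wrong
if ($real_password !== '' && !$password_ok) {
    // Forget cookies
    setcookie('user', '', -1, "/");
    setcookie('password', '', -1, "/");

    die("<script>window.location.href = '../?wrongpassword=1'</script>");
}

// Save variables as cookies
// NOTE(review): the 'password' cookie carries the same digest that is stored
// in the database, so it is a password-equivalent credential kept in the
// browser for ten days, without HttpOnly, Secure or SameSite. A server-side
// session would avoid that; it is left as is because other pages presumably
// read these cookies.
setcookie('user', $user, time() + (86400 * 10), "/");
if ($real_password !== '') setcookie('password', md5($password), time() + (86400 * 10), "/");
else setcookie('password', '', -1, "/");

// Success, proceed to main page
die("<script>window.location.href = '../main.php';</script>");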