<?php
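$path = $_SERVER['DOCUMENT_ROOT'];

require_once($path . '/core/header.php');
require_once($path . '/core/footer.php');
require_once($path . '/core/database.php');

/**
 * Abort the login attempt: redirect back to the form with a message and stop.
 *
 * The message is rawurlencode()d so that spaces and other reserved characters
 * cannot corrupt the Location URL; the form page HTML-escapes it again when it
 * displays it, so encoding here is purely for the URL context.
 *
 * @param string $msg human-readable reason shown to the user
 * @return never (always exits after sending the redirect)
 */
function failed_login(string $msg = 'invalid username or password') {
    header('Location: /login.php?error=' . rawurlencode($msg));
    exit();
}

if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    // NOTE(review): the form carries no CSRF token and this handler checks
    // none; a token issued with the form and verified here would close that gap.

    // Form fields are expected as strings, but a request can submit arrays
    // (user[]=x), which would make strtolower() throw a TypeError; treat any
    // non-string as empty so it is rejected like a missing field.
    $raw_user = $_POST['user'] ?? '';
    $raw_pass = $_POST['pass'] ?? '';
    $username = is_string($raw_user) ? strtolower($raw_user) : '';
    // NOTE(review): the password is lower-cased before verification, which
    // shrinks the effective password space. Kept as-is because the registration
    // path is not visible here and may hash the lower-cased form; confirm that
    // before removing the strtolower() call, or both paths will disagree.
    $password = is_string($raw_pass) ? strtolower($raw_pass) : '';

    if ($username === '' || $password === '') {
        failed_login();
    }

    $conn = get_database_conn();
    $login_sql = 'SELECT id, username, password, admin FROM user WHERE username = ? LIMIT 1';

    // Prepared statement with a bound parameter: the username never becomes
    // part of the SQL text. mysqli_prepare() returns false for a statement the
    // server rejects, and binding to false would fail, so check it first.
    $stmt = mysqli_prepare($conn, $login_sql);
    if ($stmt === false) {
        failed_login('login select statement failed');
    }
    mysqli_stmt_bind_param($stmt, 's', $username);
    if (!mysqli_stmt_execute($stmt)) {
        failed_login('login select statement failed');
    }
    mysqli_stmt_store_result($stmt);

    if (mysqli_stmt_num_rows($stmt) !== 1) {
        mysqli_stmt_close($stmt);
        // Spend roughly the cost of a real password check before failing so
        // that response time does not reveal whether the username exists.
        password_hash($password, PASSWORD_DEFAULT);
        failed_login();
    }

    // $db_username is the stored spelling (not the lower-cased input); it is
    // what gets written to the session below.
    mysqli_stmt_bind_result($stmt, $id, $db_username, $password_hash, $admin);
    mysqli_stmt_fetch($stmt);
    mysqli_stmt_close($stmt);

    // (string) guards against a NULL password column: password_verify() then
    // simply returns false instead of raising a deprecation/TypeError.
    if (!password_verify($password, (string) $password_hash)) {
        failed_login();
    }

    // Regenerate the session id at the moment privileges change so that a
    // session id that existed before authentication is never promoted to an
    // authenticated one (session fixation).
    session_start();
    session_regenerate_id(true);
    $_SESSION['id'] = $id;
    $_SESSION['username'] = $db_username;
    $_SESSION['admin'] = $admin;

    //TODO: add some sort of message
    header('Location: /');
    // Stop here: without this exit the login page below is still rendered and
    // sent along with the redirect.
    exit();
}

display_header("~chan - login");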
?>
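<div style="
    margin: auto;
    width: 300px;
    padding-top: 100px;
">
<h1>login</h1>
<form action="login.php" method="post" class="input-form">
    <table>
        <tr>
            <td><b>username:</b></td>
            <td>
                <!-- autocomplete hints let password managers fill the right field -->
                <input name="user" type="text" autocomplete="username" required>
            </td>
        </tr>
        <tr>
            <td><b>password:</b></td>
            <td>
                <input name="pass" type="password" autocomplete="current-password" required>
            </td>
        </tr>
    </table>
    <br>
    <button type="submit">submit</button>
    <?php
    // The error text comes from the query string, so it is untrusted: only a
    // string is accepted (error[]=x would make htmlspecialchars() throw) and
    // it is escaped explicitly for the HTML context it is printed into.
    ?>
    <?php if (isset($_GET['error']) && is_string($_GET['error'])): ?>
        <br><br>
        <div class="error">
            <?php echo htmlspecialchars($_GET['error'], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8'); ?>
        </div>
    <?php endif; ?>
</form>
</div>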
<?php
// Emit the shared page footer provided by /core/footer.php (required at the top of this file).
display_footer();
?>