bigly-chat/docs/login.php

<?php

require(__DIR__ . "/../libs/page.php");
require(__DIR__ . "/../libs/form.php");

function post_handler()
{
    global $db;

    // there is 100% a better way to do this but i need to test
    if (!array_key_exists('pass', $_POST) || !array_key_exists('user', $_POST)) {
        return '';
    }

    $user = $_POST['user'];
    $pass = $_POST['pass'];

    $stmt = $db->prepare("SELECT * FROM main.auth WHERE UPPER(username) LIKE UPPER(?)");
    $stmt->execute([$user]);

    $result = $stmt->fetch(PDO::FETCH_ASSOC);

    if (!$result) {
        return 'Username does not exist.';
    }

    $verified = password_verify($pass, $result['password']);

    if (!$verified) {
        return 'Password is wrong.';
    }

    $token = bin2hex(random_bytes(32));

    $stmt = $db->prepare("INSERT INTO main.token (username, token) VALUES (?, ?)");
    $stmt->execute([$user,$token]);

    setcookie("token", $token, time() + 3600 * 24);

    if (isset($_GET['next'])) {
        $gett = htmlspecialchars($_GET['next'] . '?token=' . $token);
        echo "<script>window.location.href = '$gett'</script>";
        page_footer();
        die();
    }

    header("Location: /");
    die();
}

page_header();

$form_message = post_handler();

form("Log in (<a class='link' target='_blank' href='/register.php'>Register?</a>)", $form_message, array(
    array('key' => 'Username', 'type' => 'text', 'name' => 'user', 'default' => ''),
    array('key' => 'Password', 'type' => 'password', 'name' => 'pass', 'default' => '')
));

page_footer();
basic auth 2024-11-26 11:38:28 -05:00			`<?php`
minor fixes 2025-02-05 01:27:45 -05:00
			`require(__DIR__ . "/../libs/page.php");`
			`require(__DIR__ . "/../libs/form.php");`

			`function post_handler()`
			`{`
			`global $db;`

			`// there is 100% a better way to do this but i need to test`
			`if (!array_key_exists('pass', $_POST) \|\| !array_key_exists('user', $_POST)) {`
			`return '';`
			`}`

			`$user = $_POST['user'];`
			`$pass = $_POST['pass'];`

			`$stmt = $db->prepare("SELECT * FROM main.auth WHERE UPPER(username) LIKE UPPER(?)");`
			`$stmt->execute([$user]);`

			`$result = $stmt->fetch(PDO::FETCH_ASSOC);`

			`if (!$result) {`
			`return 'Username does not exist.';`
			`}`

			`$verified = password_verify($pass, $result['password']);`

			`if (!$verified) {`
			`return 'Password is wrong.';`
			`}`

			`$token = bin2hex(random_bytes(32));`

			`$stmt = $db->prepare("INSERT INTO main.token (username, token) VALUES (?, ?)");`
			`$stmt->execute([$user,$token]);`

			`setcookie("token", $token, time() + 3600 * 24);`

			`if (isset($_GET['next'])) {`
			`$gett = htmlspecialchars($_GET['next'] . '?token=' . $token);`
			`echo "<script>window.location.href = '$gett'</script>";`
			`page_footer();`
basic auth 2024-11-26 11:38:28 -05:00			`die();`
			`}`

minor fixes 2025-02-05 01:27:45 -05:00			`header("Location: /");`
			`die();`
			`}`

			`page_header();`

			`$form_message = post_handler();`

			`form("Log in (<a class='link' target='_blank' href='/register.php'>Register?</a>)", $form_message, array(`
			`array('key' => 'Username', 'type' => 'text', 'name' => 'user', 'default' => ''),`
			`array('key' => 'Password', 'type' => 'password', 'name' => 'pass', 'default' => '')`
			`));`

			`page_footer();`