bigly-chat/docs/login.php

61 lines
1.5 KiB
PHP
Raw Normal View History

2024-11-26 11:38:28 -05:00
<?php
2025-02-05 01:27:45 -05:00
require(__DIR__ . "/../libs/page.php");
require(__DIR__ . "/../libs/form.php");
function post_handler()
{
global $db;
// there is 100% a better way to do this but i need to test
if (!array_key_exists('pass', $_POST) || !array_key_exists('user', $_POST)) {
return '';
}
$user = $_POST['user'];
$pass = $_POST['pass'];
$stmt = $db->prepare("SELECT * FROM main.auth WHERE UPPER(username) LIKE UPPER(?)");
$stmt->execute([$user]);
$result = $stmt->fetch(PDO::FETCH_ASSOC);
if (!$result) {
return 'Username does not exist.';
}
$verified = password_verify($pass, $result['password']);
if (!$verified) {
return 'Password is wrong.';
}
$token = bin2hex(random_bytes(32));
$stmt = $db->prepare("INSERT INTO main.token (username, token) VALUES (?, ?)");
$stmt->execute([$user,$token]);
setcookie("token", $token, time() + 3600 * 24);
if (isset($_GET['next'])) {
$gett = htmlspecialchars($_GET['next'] . '?token=' . $token);
echo "<script>window.location.href = '$gett'</script>";
page_footer();
2024-11-26 11:38:28 -05:00
die();
}
2025-02-05 01:27:45 -05:00
header("Location: /");
die();
}
page_header();
$form_message = post_handler();
form("Log in (<a class='link' target='_blank' href='/register.php'>Register?</a>)", $form_message, array(
array('key' => 'Username', 'type' => 'text', 'name' => 'user', 'default' => ''),
array('key' => 'Password', 'type' => 'password', 'name' => 'pass', 'default' => '')
));
page_footer();