minor fixes
This commit is contained in:
parent
daace699a6
commit
2ce4424db7
20 changed files with 674 additions and 621 deletions
docs
103
docs/login.php
103
docs/login.php
|
|
@ -1,55 +1,60 @@
|
|||
<?php
|
||||
require(__DIR__ . "/../libs/page.php");
|
||||
require(__DIR__ . "/../libs/form.php");
|
||||
|
||||
function post_handler() {
|
||||
global $db;
|
||||
|
||||
// there is 100% a better way to do this but i need to test
|
||||
if (!array_key_exists('pass',$_POST) || !array_key_exists('user',$_POST)) {
|
||||
return '';
|
||||
}
|
||||
|
||||
$user = $_POST['user'];
|
||||
$pass = $_POST['pass'];
|
||||
|
||||
$stmt = $db->prepare("SELECT * FROM main.auth WHERE UPPER(username) LIKE UPPER(?)");
|
||||
$stmt->execute([$user]);
|
||||
|
||||
$result = $stmt->fetch(PDO::FETCH_ASSOC);
|
||||
|
||||
if (!$result) return 'Username does not exist.';
|
||||
|
||||
$verified = password_verify($pass,$result['password']);
|
||||
|
||||
if (!$verified) return 'Password is wrong.';
|
||||
|
||||
$token = bin2hex(random_bytes(32));
|
||||
|
||||
$stmt = $db->prepare("INSERT INTO main.token (username, token) VALUES (?, ?)");
|
||||
$stmt->execute([$user,$token]);
|
||||
|
||||
setcookie("token", $token, time()+3600*24);
|
||||
|
||||
if (isset($_GET['next'])) {
|
||||
$gett = htmlspecialchars($_GET['next'] . '?token=' . $token);
|
||||
echo "<script>window.location.href = '$gett'</script>";
|
||||
page_footer();
|
||||
die();
|
||||
}
|
||||
|
||||
header("Location: /");
|
||||
require(__DIR__ . "/../libs/page.php");
|
||||
require(__DIR__ . "/../libs/form.php");
|
||||
|
||||
function post_handler()
|
||||
{
|
||||
global $db;
|
||||
|
||||
// there is 100% a better way to do this but i need to test
|
||||
if (!array_key_exists('pass', $_POST) || !array_key_exists('user', $_POST)) {
|
||||
return '';
|
||||
}
|
||||
|
||||
$user = $_POST['user'];
|
||||
$pass = $_POST['pass'];
|
||||
|
||||
$stmt = $db->prepare("SELECT * FROM main.auth WHERE UPPER(username) LIKE UPPER(?)");
|
||||
$stmt->execute([$user]);
|
||||
|
||||
$result = $stmt->fetch(PDO::FETCH_ASSOC);
|
||||
|
||||
if (!$result) {
|
||||
return 'Username does not exist.';
|
||||
}
|
||||
|
||||
$verified = password_verify($pass, $result['password']);
|
||||
|
||||
if (!$verified) {
|
||||
return 'Password is wrong.';
|
||||
}
|
||||
|
||||
$token = bin2hex(random_bytes(32));
|
||||
|
||||
$stmt = $db->prepare("INSERT INTO main.token (username, token) VALUES (?, ?)");
|
||||
$stmt->execute([$user,$token]);
|
||||
|
||||
setcookie("token", $token, time() + 3600 * 24);
|
||||
|
||||
if (isset($_GET['next'])) {
|
||||
$gett = htmlspecialchars($_GET['next'] . '?token=' . $token);
|
||||
echo "<script>window.location.href = '$gett'</script>";
|
||||
page_footer();
|
||||
die();
|
||||
}
|
||||
|
||||
page_header();
|
||||
|
||||
$form_message = post_handler();
|
||||
|
||||
form("Log in (<a class='link' target='_blank' href='/register.php'>Register?</a>)", $form_message, array(
|
||||
array('key' => 'Username', 'type' => 'text', 'name' => 'user', 'default' => ''),
|
||||
array('key' => 'Password', 'type' => 'password', 'name' => 'pass', 'default' => '')
|
||||
));
|
||||
header("Location: /");
|
||||
die();
|
||||
}
|
||||
|
||||
page_footer();
|
||||
?>
|
||||
page_header();
|
||||
|
||||
$form_message = post_handler();
|
||||
|
||||
form("Log in (<a class='link' target='_blank' href='/register.php'>Register?</a>)", $form_message, array(
|
||||
array('key' => 'Username', 'type' => 'text', 'name' => 'user', 'default' => ''),
|
||||
array('key' => 'Password', 'type' => 'password', 'name' => 'pass', 'default' => '')
|
||||
));
|
||||
|
||||
page_footer();
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue