basic auth

2024-11-26 11:38:28 -05:00 · 2024-11-26 11:38:28 -05:00 · 73dafb8999
commit 73dafb8999
parent 0bd8a0cfc0
8 changed files with 274 additions and 0 deletions
--- a/docs/login.php
+++ b/docs/login.php
@ -0,0 +1,64 @@
+<?php
+    require("../libs/page.php");
+    
+    function post_handler() {
+        global $db;
+        
+        // there is 100% a better way to do this but i need to test
+        if (!array_key_exists('pass',$_POST) || !array_key_exists('user',$_POST)) {
+            return '';   
+        }
+        
+        $user = $_POST['user'];
+        $pass = $_POST['pass'];
+
+        $stmt = $db->prepare("SELECT * FROM auth WHERE UPPER(username) LIKE UPPER(?)");
+        $stmt->execute([$user]);
+        
+        $result = $stmt->fetch(PDO::FETCH_ASSOC);
+        
+        if (!$result) return 'Username does not exist.';
+        
+        $verified = password_verify($pass,$result['password']);
+        
+        if (!$verified) return 'Password is wrong.';
+        
+        $token = bin2hex(random_bytes(32));
+        
+        $stmt = $db->prepare("INSERT INTO token (username, token) VALUES (?, ?)");
+        $stmt->execute([$user,$token]);
+    
+        setcookie("token", $token, time()+3600*24);
+    
+        header("Location: /");
+        die();
+    }
+
+    page_header();
+        
+    $form_message = post_handler();
+    
+    // TODO: form builder. this is lazy for testing purposes
+?>
+
+<form class='form' enctype="multipart/form-data" method="POST">
+    <h1 class="form-heading">
+        Join
+    </h1>
+    <span class='form-message'>
+        <?php echo $form_message ?>
+    </span>
+    <span class='form-key'>
+        Username
+    </span>
+    <input class='form-input' type="text" name="user" value="">
+    <span class='form-key'>
+        Password
+    </span>
+    <input class='form-input' type="password" name="pass" value="">
+    <input class='form-button' type="Submit" name="Submit">
+</form>
+
+<?php
+    page_footer();
+?>