64 lines
No EOL
1.7 KiB
PHP
64 lines
No EOL
1.7 KiB
PHP
<?php
|
|
require("../libs/page.php");
|
|
|
|
function post_handler() {
|
|
global $db;
|
|
|
|
// there is 100% a better way to do this but i need to test
|
|
if (!array_key_exists('pass',$_POST) || !array_key_exists('user',$_POST)) {
|
|
return '';
|
|
}
|
|
|
|
$user = $_POST['user'];
|
|
$pass = $_POST['pass'];
|
|
|
|
$stmt = $db->prepare("SELECT * FROM auth WHERE UPPER(username) LIKE UPPER(?)");
|
|
$stmt->execute([$user]);
|
|
|
|
$result = $stmt->fetch(PDO::FETCH_ASSOC);
|
|
|
|
if (!$result) return 'Username does not exist.';
|
|
|
|
$verified = password_verify($pass,$result['password']);
|
|
|
|
if (!$verified) return 'Password is wrong.';
|
|
|
|
$token = bin2hex(random_bytes(32));
|
|
|
|
$stmt = $db->prepare("INSERT INTO token (username, token) VALUES (?, ?)");
|
|
$stmt->execute([$user,$token]);
|
|
|
|
setcookie("token", $token, time()+3600*24);
|
|
|
|
header("Location: /");
|
|
die();
|
|
}
|
|
|
|
page_header();
|
|
|
|
$form_message = post_handler();
|
|
|
|
// TODO: form builder. this is lazy for testing purposes
|
|
?>
|
|
|
|
<form class='form' enctype="multipart/form-data" method="POST">
|
|
<h1 class="form-heading">
|
|
Join
|
|
</h1>
|
|
<span class='form-message'>
|
|
<?php echo $form_message ?>
|
|
</span>
|
|
<span class='form-key'>
|
|
Username
|
|
</span>
|
|
<input class='form-input' type="text" name="user" value="">
|
|
<span class='form-key'>
|
|
Password
|
|
</span>
|
|
<input class='form-input' type="password" name="pass" value="">
|
|
<input class='form-button' type="Submit" name="Submit">
|
|
</form>
|
|
|
|
<?php
|
|
page_footer();
|
|
?>
|