View sourcecode

The following files exist in this folder. Click a file name to view it.

login.php

58 lines UTF-8 Unix (LF)
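<?php
/**
 * Login endpoint.
 *
 * Order of checks:
 *   1. An existing session goes straight to home.php.
 *   2. A "remember" cookie is matched against the Users table.
 *   3. A posted username/password pair is matched against the Users table.
 *   4. Anything else is redirected to the login form with mess=wrong.
 *
 * Expects databaseconnection.php to provide a PDO handle in $pdo.
 *
 * SECURITY NOTE (password storage): passwords are compared as
 * sha1("LBM" . password . "Stegen"). SHA-1 with one static salt is fast to
 * brute-force if the Users table leaks. Moving to password_hash() /
 * password_verify() needs a change to the stored values and to the code that
 * creates accounts, neither of which is in this file, so the scheme is kept
 * here and only flagged.
 *
 * SECURITY NOTE (remember cookie): the cookie value is the stored password
 * hash followed by sha1(userId). It is therefore password-equivalent, is the
 * same on every device, only changes when the password changes, and can be
 * computed by anyone who can read the Users table. A random per-device token
 * stored hashed server-side with its own expiry would avoid this, but needs a
 * schema change outside this file.
 */
session_start();
require_once('databaseconnection.php');

// Already signed in: nothing to do here.
if (isset($_SESSION['username'])) {
    header('location: home.php');
    exit();
}

// Mark the remember cookie Secure only when the request itself arrived over
// HTTPS, so plain-HTTP deployments keep working as before.
$isHttps = !empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] !== 'off';

// --- Remember-me cookie -----------------------------------------------------
// is_string() rejects array-valued cookies (remember[]=...), which can never
// match and would otherwise only raise a conversion notice in execute().
if (isset($_COOKIE['remember']) && is_string($_COOKIE['remember'])) {
    $sql = "SELECT * FROM Users 
                WHERE CONCAT(password, SHA1(userId)) = :cookie";
    $stm = $pdo->prepare($sql);
    $stm->execute([':cookie' => $_COOKIE['remember']]);
    $res = $stm->fetch(PDO::FETCH_ASSOC);

    // fetch() returns false when no row matched; isset() covers that case.
    if (isset($res["userId"])) {
        if ((int) $res['active'] !== 1) {
            // Deactivated account: expire the cookie so it is not retried.
            setcookie('remember', '', time() - 1, '', '', $isHttps, true);
            header('location: index.php?action=login&mess=deleted');
            exit();
        }

        // New session id on privilege change, so an id planted before login
        // (session fixation) does not become an authenticated session.
        session_regenerate_id(true);
        $_SESSION['userId'] = $res['userId'];
        $_SESSION['username'] = $res['username'];
        $_SESSION['userlvl'] = $res['userlvl'];

        header('location: home.php');
        exit();
    }
}

// --- Username / password form -----------------------------------------------
// is_string() rejects array-valued fields (username[]=...), which would make
// trim() fail; such requests fall through to the mess=wrong redirect.
if (
    isset($_POST['username'], $_POST['password'])
    && is_string($_POST['username'])
    && is_string($_POST['password'])
) {
    // Hashes the password the same way the stored values were produced
    // (see the password-storage note in the file header).
    $password = sha1("LBM" . trim($_POST['password']) . "Stegen");

    // NOTE(review): the username is HTML-encoded before the lookup, which
    // presumably mirrors how it was stored at registration -- confirm.
    // Encoding belongs at output time, but changing it here alone would break
    // lookups for names containing &, <, >, " or '.
    $username = htmlspecialchars(trim($_POST['username']), ENT_QUOTES, "UTF-8");

    $sql = "SELECT * FROM Users 
                WHERE username = :username AND password = :password";
    $stm = $pdo->prepare($sql);
    $stm->execute(['username' => $username, 'password' => $password]);
    $res = $stm->fetch(PDO::FETCH_ASSOC);

    if (isset($res["userId"])) {
        if ((int) $res['active'] !== 1) {
            header('location: index.php?action=login&mess=deleted');
            exit();
        }

        // New session id on login; see the cookie branch above.
        session_regenerate_id(true);
        $_SESSION['userlvl'] = $res['userlvl'];
        $_SESSION['username'] = $res['username'];
        $_SESSION['userId'] = $res['userId'];

        // Sets a cookie if "remember me" is checked. Lifetime is 2678400 s
        // (31 days). HttpOnly keeps the value away from page scripts; see the
        // remember-cookie note in the file header for the remaining weakness.
        if (!empty($_POST['remember'])) {
            setcookie(
                'remember',
                $res['password'] . sha1($res['userId']),
                time() + 2678400,
                '',
                '',
                $isHttps,
                true
            );
        }

        header('location: home.php');
        exit();
    }
}

// No valid session, cookie or credentials.
header('location: index.php?action=login&mess=wrong');
exit();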