-
Notifications
You must be signed in to change notification settings - Fork 2
/
login.php
96 lines (88 loc) · 2.31 KB
/
login.php
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
<?php
require_once(__DIR__ . "/global.php");
session_start();
HtmlHeader("login");
function print_html_main($fail_reason)
{
?>
<div class="login-page">
<div class="form">
<form method="post" action="login.php" class="login-form">
<input id="username" name="username" type="text" placeholder="username"/>
<input id="password" name="password" type="password" placeholder="password"/>
<button type="submit">login</button>
<p class="message">Not registered? <a href="register.php">Create an account</a></p>
<?php
if ($fail_reason != "none")
{
?>
<p class="message">Forgot password? <a href="reset_password.php">reset</a></p>
<?php
}
?>
</form>
</div>
</div>
<?php
if ($fail_reason != "none")
{
echo "<font color=\"red\">$fail_reason</font>";
}
}
if (!empty($_POST['username']) and !empty($_POST['password']))
{
$username = isset($_POST['username'])? $_POST['username'] : '';
$password = isset($_POST['password'])? $_POST['password'] : '';
$db = new PDO(DATABASE_PATH);
$db->setAttribute( PDO::ATTR_ERRMODE, PDO::ERRMODE_WARNING );
$stmt = $db->prepare('SELECT * FROM Accounts WHERE Username = ? and Password = ?');
$stmt->execute(array($username, $password));
$rows = $stmt->fetchAll(PDO::FETCH_ASSOC);
if ($rows)
{
$name = $rows[0]['Username'];
$email = $rows[0]['Mail'];
for ($i=0;$i<15;$i++)
{
$aConfig[$i] = $rows[0]['Config' . $i];
}
$_SESSION['Config'] = $aConfig;
$_SESSION['Username'] = $name;
$_SESSION['Mail'] = $email;
$_SESSION['IsLogged'] = "online";
$current_date = date("Y-m-d H:i:s");
$stmt = $db->prepare('UPDATE Accounts SET LastLogin = ? WHERE Username = ? ');
$stmt->execute(array($current_date, $_SESSION['Username']));
?>
<script type="text/javascript">
window.setTimeout(function()
{
window.location.href='index.php';
}, 2000);
</script>
<div class="login-page">
<div class="form">
<form action="index.php" class="login-form">
<a><?php echo "Logged in as '$name'."; ?></a>
<button type="submit">Okay</button>
</form>
</div>
</div>
<?php
}
else
{
print_html_main("wrong username or password");
$_SESSION['IsLogged'] = "failed";
}
}
else if (!empty($_POST['username']) or !empty($_POST['password']))
{
print_html_main("both fields are required");
}
else //no name or pw given -> ask for it
{
print_html_main("none");
}
fok();
?>