77 lines
1.8 KiB
PHP
77 lines
1.8 KiB
PHP
<?php
|
|
|
|
ini_set('display_errors', 1);
|
|
ini_set('display_startup_errors', 1);
|
|
error_reporting(E_ALL);
|
|
|
|
session_start();
|
|
|
|
|
|
function check_credentials($username, $userpw) {
|
|
$root = realpath($_SERVER["DOCUMENT_ROOT"]);
|
|
require($root."/database/credentials.php");
|
|
// Connect the database
|
|
try{
|
|
$db = new PDO("mysql:host=$host;dbname=$database;charset=utf8",
|
|
$user,
|
|
$password,
|
|
array(PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION
|
|
));
|
|
}catch (Exception $e){
|
|
die("Error : ".$e->getMessage());
|
|
}
|
|
$req = $db->prepare('SELECT password FROM `authors` WHERE `username`=:username');
|
|
$req->execute(array(
|
|
"username"=>$username,
|
|
));
|
|
if ($data = $req->fetch()){
|
|
$password_hash = $data['password'];
|
|
if (password_verify($userpw, $password_hash)) {
|
|
return True;
|
|
} else {
|
|
return False;
|
|
}
|
|
} else {
|
|
return False;
|
|
}
|
|
|
|
}
|
|
|
|
$_SESSION['error_msg'] = "";
|
|
|
|
if (isset($_POST['submit']))
|
|
{
|
|
if (isset($_POST['username']))
|
|
{
|
|
$username = $_POST['username'];
|
|
} else
|
|
{
|
|
$_SESSION['error_msg'] .= "You did not enter a proper username.\n";
|
|
}
|
|
if (isset($_POST['password'])) {
|
|
$password = $_POST['password'];
|
|
} else {
|
|
$_SESSION['error_msg'] .= "You did not enter a proper password.\n";
|
|
}
|
|
} else
|
|
{
|
|
$_SESSION['error_msg'] .= "You did not submit the register form.\n";
|
|
}
|
|
|
|
if ($_SESSION['error_msg'] == "")
|
|
{
|
|
|
|
if (check_credentials($username, $password))
|
|
{
|
|
$_SESSION['logged'] = True;
|
|
$_SESSION['username'] = $username;
|
|
header('Location: '."/");
|
|
} else {
|
|
$_SESSION['error_msg'] = "Incorrect password, please try again.\n";
|
|
header('Location: '."../../auth/login");
|
|
}
|
|
} else
|
|
{
|
|
// header('Location: '."../../auth/login");
|
|
}
|
|
?>
|