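<?php
/**
 * Coding Pirates Teaminator
 * Used to generate teams at Coding Pirates Game Jam 2015-2016
 *
 * Login page. Without a "submit" request parameter it renders the login
 * form. With one, it checks the submitted credentials against the users
 * table, stores a fresh login token in the database and in the session,
 * and redirects to the application root (or back to this page on failure).
 */
if (!isset($_REQUEST['submit'])) {
    include("header.php");
    // PHP_SELF is derived from the request path the client sent (including
    // any trailing path info), so it is attacker-influenced. It must be
    // HTML-escaped before it is written into an attribute; echoing it raw
    // allows reflected XSS through a crafted URL.
    $form_action = htmlspecialchars($_SERVER['PHP_SELF'], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
?>
<div class="row">
    <div class="col-md-4"></div>
    <div class="col-md-4">
        <form name="loginForm" action="<?php echo $form_action; ?>" method="post">
            <div class="form-group">
                <label for="username">Brugernavn</label>
                <input type="text" name="username" id="username" />
            </div>
            <div class="form-group">
                <label for="password">Kodeord</label>
                <input type="password" name="password" id="password" />
            </div>
            <br />
            <button name="submit" type="submit" class="btn btn-default btn-block">Log ind</button>
        </form>
    </div>
    <div class="col-md-4"></div>
</div>
<?php
} else {
    $teaminator_url = "https://www.rathhansen.com/teaminator/";
    include_once("dbConnect.php");
    $db = new DB;
    session_start();

    // login logic
    // NOTE(review): $_REQUEST also accepts these fields from the query string,
    // where credentials end up in access logs and browser history. Consider
    // reading $_POST only, once it is confirmed nothing relies on GET.
    if (isset($_REQUEST['username']) && isset($_REQUEST['password'])) {
        $username = $_REQUEST['username'];
        $password = $_REQUEST['password'];
        $authenticated = false;
        $pwd = [];

        // Array-valued parameters (username[]=...) are never valid
        // credentials; treat them as a failed login instead of letting them
        // reach the string concatenation and the query binding.
        if (is_string($username) && is_string($password)) {
            // Bound parameter - the username never becomes part of the SQL text.
            $login_sql = "SELECT ID, pass, salt FROM users WHERE user=:username";
            $login_val = [[":username", $username]];

            if ($db->count($login_sql, $login_val) == 1) {
                $pwd = $db->query($login_sql, $login_val);

                // NOTE(review): salted SHA-1 is a fast hash and unsuitable for
                // password storage. It is kept here because the stored values
                // use this format; plan a migration to password_hash() /
                // password_verify() with a rehash on next successful login.
                $sec_pass = sha1($password . $pwd[0]['salt']);

                // hash_equals() compares as strings and in constant time.
                // Loose == would treat two digests of the form "0e<digits>"
                // as equal numbers, and it leaks timing information.
                $authenticated = hash_equals((string) $pwd[0]['pass'], $sec_pass);
            }
        }

        if ($authenticated) {
            // New session ID on privilege change, so an ID planted before
            // login (session fixation) is not carried into the
            // authenticated session.
            session_regenerate_id(true);

            // We're in. Now generate a token for the user.
            // Same shape as before (one letter followed by 31 hex characters)
            // but drawn from the CSPRNG; md5(time()) was predictable to anyone
            // who knows roughly when the login happened. Requires PHP 7+.
            $letters = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ";
            $token = $letters[random_int(0, strlen($letters) - 1)]
                . substr(bin2hex(random_bytes(16)), 1);

            $set_token_sql = "UPDATE users SET login_hash=:login_hash WHERE ID=:ID";
            $set_token_values = [
                [":login_hash", $token],
                [":ID", $pwd[0]['ID']]
            ];
            $db->query($set_token_sql, $set_token_values);

            // Now update our session
            $_SESSION['login_ID'] = $pwd[0]['ID'];
            $_SESSION['login_user'] = $username;
            $_SESSION['login_hash'] = $token;

            // We're in - go to next page
            header("Location: " . $teaminator_url);
        } else {
            // Unknown user and wrong password take the same path, so the
            // response does not reveal which of the two failed.
            header("Location: " . $teaminator_url . "login.php");
        }
    }
}
include("footer.php");
?>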