logging in works now
parent
d8f1874ebb
commit
6a10ff81f6
3 changed files with 40 additions and 23 deletions
|
@ -1,6 +1,9 @@
|
|||
<?php
|
||||
include "config.php";
|
||||
include "helper.php";
|
||||
include "boilerplate/head.php";
|
||||
|
||||
echo(is_logged_in());
|
||||
?>
|
||||
|
||||
<a href="login.php">Log In</a>
|
||||
|
|
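Review bot: `echo(is_logged_in());` writes the function's raw return value into the page ahead of the markup, which reads as leftover debug output; if it returns a boolean, visitors see `1` or nothing. If the intent is to reflect login state, branch on the result instead, for example wrapping the Log In link in `<?php if (!is_logged_in()) { ?>` … `<?php } ?>`; otherwise drop the line. The rendered page does not show this section's file name or mark which lines are added, so this assumes the `echo` is on the new side.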
47
login.php
47
login.php
|
@ -1,28 +1,47 @@
|
|||
<?php
|
||||
include "config.php";
|
||||
include "helper.php";
|
||||
|
||||
if (is_logged_in()) {
|
||||
header("Location: index.php");
|
||||
exit();
|
||||
}
|
||||
|
||||
$u = "";
|
||||
$p = "";
|
||||
|
||||
if ($_SERVER["REQUEST_METHOD"] === "POST") {
|
||||
$u = $_POST["username"];
|
||||
$u = strtolower(str_replace(" ", "", $_POST["username"]));
|
||||
$p = $_POST["password"];
|
||||
|
||||
if ($u && $p) {
|
||||
$response = pg_select(
|
||||
$db,
|
||||
"users",
|
||||
array("username" => $u)
|
||||
);
|
||||
if (!($u && $p)) {
|
||||
$err = "Bad request, missing username or password parameter";
|
||||
} else if (strlen($u) > 64 || strlen($u) === 0) {
|
||||
$err = "Username must be 1-64 chars";
|
||||
} else if (!preg_match("/^[a-z0-9_-]{1,64}$/", $u)) {
|
||||
$err = "Username can only include a-z, 0-9, _, and -";
|
||||
} else {
|
||||
$query = "SELECT password_hash FROM users WHERE username='$u' LIMIT 1;";
|
||||
|
||||
if (sizeof($response) === 0) {
|
||||
$response = pg_query($db, $query);
|
||||
|
||||
if (pg_num_rows($response) === 0) {
|
||||
$err = "User '" . htmlspecialchars($u) . "' not found";
|
||||
} else {
|
||||
echo json_encode($response);
|
||||
$user = pg_fetch_array($response);
|
||||
if (password_verify($p, $user["password_hash"])) {
|
||||
setcookie(
|
||||
"token",
|
||||
$token,
|
||||
time() + 60 * 60 * 24 * 30 * 265 // 1 year from now
|
||||
);
|
||||
header("Location: index.php");
|
||||
exit();
|
||||
} else {
|
||||
$err = "Incorrect password";
|
||||
}
|
||||
}
|
||||
} else {
|
||||
$err = "Bad request, missing username or password parameter";
|
||||
}
|
||||
} else {
|
||||
$u = "";
|
||||
$p = "";
|
||||
}
|
||||
|
||||
$title = "Log In";
|
||||
|
|
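Review bot: The `setcookie("token", $token, …)` call in the success branch uses `$token`, which is not assigned anywhere in the visible lines of login.php, so unless config.php or helper.php defines it the session cookie is sent with an empty value; the token should come from a CSPRNG (for example `bin2hex(random_bytes(32))`) and be recorded server-side before it is set. The expiry `60 * 60 * 24 * 30 * 265` is roughly 21 years rather than the one year the comment states, and the cookie carries no `httponly`, `secure` or `samesite` attributes, so it is readable by page script and can travel over plain HTTP. The lookup also interpolates `$u` into the SQL text; the `[a-z0-9_-]` check currently keeps that from being injectable, but `pg_query_params` removes the dependency on that validation staying in place, and the result should be checked for `false` before `pg_num_rows`. Separately, the distinct "User … not found" and "Incorrect password" messages let a client tell which usernames exist, which a single generic failure message would avoid. The page does not mark which lines are added, so this assumes the `pg_query` and `setcookie` lines are on the new side.

```php
// … unchanged: request parsing and username validation …
    $response = pg_query_params(
      $db,
      'SELECT password_hash FROM users WHERE username = $1 LIMIT 1',
      array($u)
    );

    if ($response === false) {
      $err = "Login is temporarily unavailable";
    } else if (pg_num_rows($response) === 0) {
// … unchanged: password_verify branch; $token must be assigned before this point …
        setcookie("token", $token, [
          "expires"  => time() + 60 * 60 * 24 * 365, // 1 year from now
          "path"     => "/",
          "secure"   => true,   // assumes the site is served over HTTPS
          "httponly" => true,
          "samesite" => "Lax",
        ]);
```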
11
signup.php
11
signup.php
|
@ -78,7 +78,7 @@
|
|||
}
|
||||
}
|
||||
|
||||
$title = "Log In";
|
||||
$title = "Sign Up";
|
||||
include "boilerplate/head.php";
|
||||
?>
|
||||
|
||||
|
@ -86,15 +86,10 @@
|
|||
<div><input placeholder="Username" name="username" value="<?php echo htmlspecialchars($u); ?>" maxlength="64" required></div>
|
||||
<div><input placeholder="Password" name="password" type="password" value="<?php echo htmlspecialchars($p); ?>" required></div>
|
||||
<div><input placeholder="Verify Password" name="verify" type="password" required></div>
|
||||
<div><input type="submit" value="Log in"></div>
|
||||
<div><input type="submit" value="Sign Up"></div>
|
||||
<p><a href="login.php">Log in instead?</a></p>
|
||||
</form>
|
||||
|
||||
<?php
|
||||
$q = "SELECT count(*) FROM users LIMIT 1;";
|
||||
|
||||
if ($signups !== false || ($signups === false && pg_fetch_array(pg_query($db, $q))["count"] !== 0)) {
|
||||
echo "<p><a href=\"signup.php\">Sign up instead?</a></p>";
|
||||
}
|
||||
|
||||
include "boilerplate/foot.php";
|
||||
?>
|
||||
|
|