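<?php
declare(strict_types=1);

// Login handler: checks the posted credentials against the `users` table and, on
// success, stores the user id in the session and redirects to the user home page.
// Every failure path redirects back to the login form and exits, so no code after
// a redirect keeps running.

session_start();

// A missing field is treated as a failed login instead of an undefined-index notice.
$username = (string) ($_POST['username'] ?? '');
$password = (string) ($_POST['password'] ?? '');

// NOTE(review): database credentials are hard-coded here and therefore live in
// version control; they belong in a config file outside the web root or in
// environment variables. Left in place because the deployment depends on them.
$pdo = new PDO('mysql:host=localhost;dbname=web', 'webstuff', 'Schei// auf Pa$$w0rter!');

$statement = $pdo->prepare('SELECT id, authentication_algorithm, authentication_salt, authentication_string FROM users WHERE name = :username;');
$statement->execute(['username' => $username]);

// fetch() returning false covers the unknown-user case; rowCount() is not
// guaranteed to be meaningful for SELECT statements on every PDO driver.
$dbentry = $statement->fetch(PDO::FETCH_ASSOC);

$authenticated = false;
if ($dbentry !== false) {
    $algorithm = (string) $dbentry['authentication_algorithm'];
    // hash() throws (PHP 8) or returns false (PHP 7) for an unknown algorithm name,
    // so validate the stored name before use instead of letting a bad row become a
    // fatal error on the login path.
    if (in_array($algorithm, hash_algos(), true)) {
        $computed = hash($algorithm, $password . $dbentry['authentication_salt']);
        // hash_equals() is a strict, constant-time comparison. The former loose `==`
        // compared two hex digests as strings that PHP may juggle to numbers
        // (e.g. digests starting with "0e"), so unequal digests could compare equal.
        $authenticated = hash_equals((string) $dbentry['authentication_string'], $computed);
    }
}

if (!$authenticated) {
    // Unknown user name and wrong password deliberately produce the same redirect,
    // so the response does not reveal which user names exist.
    header("Location: https://lostcave.ddnss.de/common/threadr/login/?error=credentials");
    exit;
}

// Password correct: rotate the session id so a session id that existed before
// login (e.g. one handed to the browser by a third party) is not promoted to an
// authenticated session.
session_regenerate_id(true);
$_SESSION['user_id'] = $dbentry['id'];
$_SESSION['user_ip'] = $_SERVER['REMOTE_ADDR']; // ip will be used to prevent session stealing
header("Location: https://lostcave.ddnss.de/common/threadr/userhome/");
exit;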