authorAndrew Dolgov <[email protected]>2021-03-05 21:14:35 +0300
committerAndrew Dolgov <[email protected]>2021-03-05 21:14:35 +0300
commit2b8b845abe7c13ecbb266613910484310cffe8e1 (patch)
tree90bd2e93737c2aad17cfb09496cc57cf3f9968cd /login.php
parentb2341679d53b227fc90fba34c3a7e6453e3cad6e (diff)
* use ORM for trivial queries
* environment-based configuration * useradm.php -> update.php with new options * support for schema migrations * various fixes
Diffstat (limited to 'login.php')
-rw-r--r--login.php135
1 files changed, 67 insertions, 68 deletions
diff --git a/login.php b/login.php
index 2526a26..76f7a7f 100644
--- a/login.php
+++ b/login.php
@@ -1,93 +1,92 @@
<?php
- require_once "config.php";
- require_once "common.php";
-
- sanity_check();
+ set_include_path(__DIR__ ."/include" . PATH_SEPARATOR .
+ get_include_path());
+ require_once "common.php";
require_once "sessions.php";
- @$op = $_REQUEST["op"];
+ Config::sanity_check();
+
+ $op = $_REQUEST["op"] ?? "";
$login_notice = "";
if ($op == "perform-login") {
- $user = trim(mb_strtolower($_REQUEST["user"]));
- $password = 'SHA256:' . hash('sha256', "$user:" . trim($_REQUEST["password"]));
-
- require_once "db.php";
+ $username = trim(mb_strtolower($_REQUEST["user"]));
+ $pass_hash = 'SHA256:' . hash('sha256', "$username:" . trim($_REQUEST["password"]));
- $dbh = Db::get();
+ $user = ORM::for_table('epube_users')
+ ->where('user', $username)
+ ->where('pass', $pass_hash)
+ ->find_one();
- $sth = $dbh->prepare("SELECT id FROM epube_users WHERE user = ? AND pass = ?");
- $sth->execute([$user, $password]);
+ if ($user) {
+ if (session_status() != PHP_SESSION_ACTIVE)
+ session_start();
- if ($line = $sth->fetch()) {
-
- session_start();
session_regenerate_id(true);
- $_SESSION["owner"] = $user;
+ $_SESSION["owner"] = $username;
+ $_SESSION["pass_hash"] = sha1($user->pass);
+
header("Location: index.php");
+ exit;
+
} else {
$login_notice = "Incorrect username or password";
}
}
-
?>
<!DOCTYPE html>
<html>
-<head>
- <meta name="viewport" content="width=device-width, initial-scale=1.0">
- <link href="lib/bootstrap/v3/css/bootstrap.min.css" rel="stylesheet" media="screen">
- <link href="lib/bootstrap/v3/css/bootstrap-theme.min.css" rel="stylesheet" media="screen">
- <meta http-equiv="Content-Type" content="text/html; charset=utf-8">
- <script src="dist/app-libs.min.js"></script>
- <title>The Epube</title>
- <link type="text/css" rel="stylesheet" media="screen" href="dist/app.min.css" />
- <link rel="shortcut icon" type="image/png" href="img/favicon.png" />
- <link rel="manifest" href="manifest.json">
- <meta name="mobile-web-app-capable" content="yes">
- <script type="text/javascript">
- $(document).ready(function() {
- /* global EpubeApp */
-
- if (typeof EpubeApp != "undefined") {
- EpubeApp.setPage("PAGE_LOGIN");
- }
- });
- </script>
-</head>
-<body class="epube-login">
-
-<div class="navbar navbar-default navbar-static-top">
-<div class="container">
- <div class="navbar-header">
- <span class="navbar-brand"><a href="?">The Epube</a></span>
- </div>
-</div>
-</div>
-
-<div class="container">
-
- <?php if ($login_notice) { ?>
- <div class="alert alert-danger"><?php echo $login_notice ?></div>
- <?php } ?>
-
- <form method="post">
- <input type="hidden" name="op" value="perform-login">
-
- <div class="form-group">
- <label>User</label>
- <input class="form-control" required="true" name="user">
+ <head>
+ <meta name="viewport" content="width=device-width, initial-scale=1.0">
+ <link href="lib/bootstrap/v3/css/bootstrap.min.css" rel="stylesheet" media="screen">
+ <link href="lib/bootstrap/v3/css/bootstrap-theme.min.css" rel="stylesheet" media="screen">
+ <meta http-equiv="Content-Type" content="text/html; charset=utf-8">
+ <script src="dist/app-libs.min.js"></script>
+ <title>The Epube</title>
+ <link type="text/css" rel="stylesheet" media="screen" href="dist/app.min.css" />
+ <link rel="shortcut icon" type="image/png" href="img/favicon.png" />
+ <link rel="manifest" href="manifest.json">
+ <meta name="mobile-web-app-capable" content="yes">
+ <script type="text/javascript">
+ $(document).ready(function() {
+ /* global EpubeApp */
+
+ if (typeof EpubeApp != "undefined") {
+ EpubeApp.setPage("PAGE_LOGIN");
+ }
+ });
+ </script>
+ </head>
+ <body class="epube-login">
+ <div class="navbar navbar-default navbar-static-top">
+ <div class="container">
+ <div class="navbar-header">
+ <span class="navbar-brand"><a href="?">The Epube</a></span>
+ </div>
</div>
- <div class="form-group">
- <label>Password</label>
- <input type="password" class="form-control" name="password" required="true">
</div>
- <button type="submit" class="btn btn-default">Log in</button>
- </form>
-</div>
-
-</body>
+ <div class="container">
+ <?php if ($login_notice) { ?>
+ <div class="alert alert-danger"><?php echo $login_notice ?></div>
+ <?php } ?>
+
+ <form method="post">
+ <input type="hidden" name="op" value="perform-login">
+
+ <div class="form-group">
+ <label>User</label>
+ <input class="form-control" required="true" name="user">
+ </div>
+ <div class="form-group">
+ <label>Password</label>
+ <input type="password" class="form-control" name="password" required="true">
+ </div>
+ <button type="submit" class="btn btn-default">Log in</button>
+ </form>
+ </div>
+ </body>
</html>
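Review bot: The stored verifier built at `$pass_hash = 'SHA256:' . hash('sha256', "$username:" . ...)` is still one fast SHA-256 round salted only with the username, and the match is delegated to the database via `->where('pass', $pass_hash)`, so a leaked `epube_users` table can be guessed offline cheaply. Since this commit's message mentions schema-migration support, this is a reasonable point to look the row up by `user` alone and verify in PHP with `password_verify()`, keeping a `hash_equals()` path for existing `SHA256:` rows and rehashing them on a successful login, as sketched below. The same lines read `user` and `password` from `$_REQUEST` without the `?? ""` default that `op` now gets, so credentials are also accepted from the query string (where they tend to land in access logs); `$_POST` is what the form actually uses. Code outside this file that writes or compares `pass` (for example whatever consumes `$_SESSION["pass_hash"]`) is not visible here and would need to accept the new format, and the column must be wide enough for a `password_hash()` value.

```php
$username = trim(mb_strtolower($_POST["user"] ?? ""));
$password = trim($_POST["password"] ?? "");

// look the account up by name only; the secret is checked in PHP, not in SQL
$user = ORM::for_table('epube_users')
	->where('user', $username)
	->find_one();

$authenticated = false;

if ($user) {
	if (strpos($user->pass, 'SHA256:') === 0) {
		// legacy row: constant-time compare, then upgrade the stored hash
		$legacy = 'SHA256:' . hash('sha256', "$username:$password");

		if (hash_equals($user->pass, $legacy)) {
			$user->pass = password_hash($password, PASSWORD_DEFAULT);
			$user->save();
			$authenticated = true;
		}
	} else {
		$authenticated = password_verify($password, $user->pass);
	}
}

// … unchanged: session setup, redirect and error notice, guarded by `if ($authenticated)` instead of `if ($user)` …
```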