<?php
require_once "config.php";
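// Handle a submitted login form: look the user up, verify the password and,
// on success, mark the session as logged in and redirect to administer.php.
// Every failure path falls through to the HTML below, which prints one
// generic error message.
if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    // Connection settings are presumably defined by config.php - confirm there.
    $con = mysqli_connect($sql_server, $sql_user, $sql_pass, $sql_database);
    session_start();

    // Accept only plain string fields. A missing field or an array value
    // (username[]=x) becomes '' instead of reaching the query or the hash.
    $username = (isset($_POST['username']) && is_string($_POST['username'])) ? $_POST['username'] : '';
    $password = (isset($_POST['password']) && is_string($_POST['password'])) ? $_POST['password'] : '';

    // Build the redirect target as an absolute path on this site. The client
    // controls the Host header and the path info appended to PHP_SELF, so
    // neither is used; this also stops forcing http:// on an HTTPS request.
    // The leading slash is re-added by hand so the target can never start
    // with "//" and be read as another host.
    $path = trim(dirname($_SERVER['SCRIPT_NAME']), '/\\');
    $target = ($path === '' ? '' : '/' . $path) . '/administer.php';

    $authenticated = false;
    // A failed connection is treated as a failed login rather than passed on
    // to mysqli_prepare().
    $stmt = $con ? mysqli_prepare($con, "SELECT name, password, salt FROM user WHERE name = ? AND verified = 1") : false;
    if ($stmt) {
        mysqli_stmt_bind_param($stmt, "s", $username);
        mysqli_stmt_execute($stmt);
        mysqli_stmt_bind_result($stmt, $name, $pass, $salt);
        if (mysqli_stmt_fetch($stmt)) {
            // Check the submitted password against the stored salted hash.
            // hash_equals() compares as strings in constant time; a loose ==
            // treats two "0e<digits>" hashes as equal numbers and returns
            // early on the first differing byte.
            // NOTE(review): salted SHA-1 is a fast hash and weak for password
            // storage. Moving to password_hash()/password_verify() needs a
            // migration of the stored values, so it is not done here.
            $authenticated = hash_equals((string) $pass, sha1($password . $salt));
        }
        mysqli_stmt_close($stmt);
    }
    if ($con) {
        mysqli_close($con);
    }

    if ($authenticated) {
        // Issue a fresh session id at the privilege change so an id fixed
        // before login cannot be reused afterwards.
        session_regenerate_id(true);
        $_SESSION['loggedin'] = true;
        $_SESSION['username'] = $username;

        // Redirect to the protected start page: 303 for HTTP/1.1 clients,
        // otherwise the 302 that a Location header implies. header() emits
        // the status line in the form the current SAPI needs.
        $status = ($_SERVER['SERVER_PROTOCOL'] === 'HTTP/1.1') ? 303 : 302;
        header('Location: ' . $target, true, $status);
        exit;
    }
}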
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="de" lang="de">
<head>
<title>Restricted access</title>
</head>
<body>
<?php
// A POST that reaches this point did not redirect and exit in the login
// handler at the top of the file, so the attempt failed. The same message is
// printed for every failure, so it does not reveal whether the username exists.
$loginFailed = ($_SERVER['REQUEST_METHOD'] == 'POST');
if ($loginFailed) {
    print "Username and/or password wrong.";
}
?>
<form action="login.php" method="post">
Username: <input type="text" name="username" /><br />
Password: <input type="password" name="password" /><br />
<input type="submit" value="Log In" />
</form>
</body>
</html>