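<?php
/*
 * Login page controller.
 *
 * Renders login.html and, on POST, validates the submitted "Vor- und Nachname"
 * plus password against the UserAccounts/auth tables. On success the session is
 * populated and the browser is redirected to the dashboard; on failure the form
 * is re-rendered with a message.
 *
 * Expects $HTML (class HTML) and $RUNTIME['PDO'] to be provided by the including
 * script, and the session to have been started before this file runs.
 */
$HTML = new HTML();
$HTML->setHTMLTitle("Login");
$HTML->importHTML("login.html");

if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    include_once 'app/FormValidator.php';

    // The username regex admits exactly two whitespace-free tokens separated by a
    // single space, so explode(' ', ...) below always yields the two SQL parameters.
    $validator = new FormValidator([
        'username' => ['required' => true, 'regex' => '/^[^\\/<>\s]{1,64} [^\\/<>\s]{1,64}$/'],
        'password' => ['required' => true, 'regex' => '/^.{1,1000}$/'],
    ]);

    if (!$validator->isValid($_POST)) {
        $HTML->ReplaceLayoutInhalt("%%LOGINMESSAGE%%", "Bitte gebe Benutzername (Vor- und Nachname) und Passwort ein.");
    } else {
        $statementUser = $RUNTIME['PDO']->prepare("SELECT PrincipalID,FirstName,LastName,Email,UserLevel,passwordHash,passwordSalt FROM UserAccounts JOIN auth ON UserAccounts.PrincipalID = auth.UUID WHERE FirstName = ? AND LastName = ? LIMIT 1");
        $statementUser->execute(explode(" ", trim($_POST['username'])));

        // fetch() returns false for an unknown user; compare against empty strings in
        // that case so the unknown-user and wrong-password paths behave the same.
        $rowUser = $statementUser->fetch();
        $storedHash = $rowUser['passwordHash'] ?? '';
        $storedSalt = $rowUser['passwordSalt'] ?? '';

        // md5(md5(password) . ':' . salt) is the format of the hashes already stored
        // in the auth table; it cannot be replaced by password_hash() here without a
        // migration of that table. hash_equals() keeps the comparison constant-time.
        $candidate = md5(md5($_POST['password']) . ":" . $storedSalt);

        if ($rowUser !== false && hash_equals($candidate, $storedHash)) {
            // Issue a fresh session id on privilege change so an id handed to the
            // browser before login (session fixation) never becomes an authenticated one.
            if (session_status() === PHP_SESSION_ACTIVE) {
                session_regenerate_id(true);
            }
            session_unset(); // Unset pre-session variables, next request will generate a new CSRF token

            $_SESSION['FIRSTNAME'] = trim($rowUser['FirstName']);
            $_SESSION['LASTNAME'] = trim($rowUser['LastName']);
            $_SESSION['EMAIL'] = trim($rowUser['Email']);
            // The joined row already carries the auth columns (the original referenced an
            // undefined $rowAuth here, which stored null). Kept because other pages may
            // read these keys — NOTE(review): confirm whether any consumer still needs them.
            $_SESSION['PASSWORD'] = $rowUser['passwordHash'];
            $_SESSION['SALT'] = $rowUser['passwordSalt'];
            $_SESSION['UUID'] = $rowUser['PrincipalID'];
            $_SESSION['LEVEL'] = $rowUser['UserLevel'];
            $_SESSION['DISPLAYNAME'] = strtoupper($rowUser['FirstName'] . ' ' . $rowUser['LastName']);
            $_SESSION['LOGIN'] = 'true';

            header("Location: index.php?page=dashboard");
            exit;
        }

        // One generic message for both "no such user" and "wrong password".
        $HTML->ReplaceLayoutInhalt("%%LOGINMESSAGE%%", "Benutzername und/oder Passwort falsch.");
        // User-controlled value echoed into HTML: escape quotes too, explicitly, so the
        // behaviour does not depend on the PHP version's htmlspecialchars() defaults.
        $HTML->ReplaceLayoutInhalt("%%LASTUSERNAME%%", htmlspecialchars($_POST['username'], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8'));
    }
} elseif (isset($_SESSION['loginMessage'])) {
    // One-shot message left by another page (e.g. after logout); consumed here.
    $HTML->ReplaceLayoutInhalt('%%LOGINMESSAGE%%', $_SESSION['loginMessage']);
    if (isset($_SESSION['loginMessageColor'])) {
        $HTML->ReplaceLayoutInhalt('%%MESSAGECOLOR%%', $_SESSION['loginMessageColor']);
    }
    unset($_SESSION['loginMessage'], $_SESSION['loginMessageColor']);
}

// Defaults for any placeholder not filled above.
$HTML->ReplaceLayoutInhalt("%%LOGINMESSAGE%%", "");
$HTML->ReplaceLayoutInhalt("%%MESSAGECOLOR%%", "red");
$HTML->ReplaceLayoutInhalt("%%LASTUSERNAME%%", "");
$HTML->build();
echo $HTML->ausgabe();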