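<?php
// Login page.
//
// Authenticates a user by "Firstname Lastname" plus password against the
// UserAccounts/auth tables (joined on PrincipalID = UUID) and, on success,
// populates $_SESSION and redirects to the dashboard. On failure, or on a plain
// GET, it renders login.html with the message placeholders filled in.
//
// Expects $RUNTIME['PDO'] (a PDO connection), the HTML layout helper and an
// already started session to be provided by the surrounding framework.
$HTML = new HTML();
$HTML->setHTMLTitle("Login");
$HTML->importHTML("login.html");

if ($_SERVER['REQUEST_METHOD'] === 'POST')
{
    include_once 'app/FormValidator.php';

    // Username must be exactly "First Last": two whitespace-free tokens joined by a
    // single space, neither containing / \ < or >. The password length is capped so
    // oversized input cannot inflate the hashing work below.
    $validator = new FormValidator([
        'username' => ['required' => true, 'regex' => '/^[^\\/<>\s]{1,64} [^\\/<>\s]{1,64}$/'],
        'password' => ['required' => true, 'regex' => '/^.{1,1000}$/'],
    ]);

    if (!$validator->isValid($_POST)) {
        $HTML->ReplaceLayoutInhalt("%%LOGINMESSAGE%%", "Bitte gebe Benutzername (Vor- und Nachname) und Passwort ein.");
    }
    else {
        // The regex above admits exactly one separating space, so the split yields
        // two parts; the limit keeps execute() from ever seeing a third bound value.
        [$firstName, $lastName] = explode(" ", trim($_POST['username']), 2);

        $statementUser = $RUNTIME['PDO']->prepare("SELECT PrincipalID,FirstName,LastName,Email,UserLevel,passwordHash,passwordSalt FROM UserAccounts JOIN auth ON UserAccounts.PrincipalID = auth.UUID WHERE FirstName = ? AND LastName = ? LIMIT 1");
        $statementUser->execute([$firstName, $lastName]);
        $rowUser = $statementUser->fetch();
        $userFound = is_array($rowUser);

        // For an unknown user the hash is still computed against empty values, so the
        // "no such user" and "wrong password" paths do roughly the same work.
        $storedHash = $userFound ? $rowUser['passwordHash'] : '';
        $storedSalt = $userFound ? $rowUser['passwordSalt'] : '';

        // NOTE(review): the md5(md5(password) . ":" . salt) scheme is dictated by the
        // shared auth table (the PrincipalID/UUID join suggests an OpenSimulator-style
        // grid database). It is weak by modern standards; it cannot be swapped for
        // password_hash() here without migrating the stored credentials.
        $candidateHash = md5(md5($_POST['password']) . ":" . $storedSalt);

        // hash_equals(): known value first, attacker-influenced value second.
        if ($userFound && hash_equals($storedHash, $candidateHash)) {
            // Drop pre-login state (the CSRF token is re-issued on the next request)
            // and rotate the session ID, so an ID an attacker fixed before the user
            // authenticated is not promoted to a logged-in session (session fixation).
            session_unset();
            if (session_status() === PHP_SESSION_ACTIVE) {
                session_regenerate_id(true);
            }

            $_SESSION['FIRSTNAME'] = trim($rowUser['FirstName']);
            $_SESSION['LASTNAME'] = trim($rowUser['LastName']);
            $_SESSION['EMAIL'] = trim($rowUser['Email']);
            // Previously read from an undefined $rowAuth, which silently stored null;
            // the hash and salt come from the same joined row.
            // NOTE(review): keeping credential material in the session widens its
            // exposure — confirm which pages read PASSWORD/SALT before dropping them.
            $_SESSION['PASSWORD'] = $rowUser['passwordHash'];
            $_SESSION['SALT'] = $rowUser['passwordSalt'];
            $_SESSION['UUID'] = $rowUser['PrincipalID'];
            $_SESSION['LEVEL'] = $rowUser['UserLevel'];
            $_SESSION['DISPLAYNAME'] = strtoupper($rowUser['FirstName'] . ' ' . $rowUser['LastName']);
            $_SESSION['LOGIN'] = 'true';

            header("Location: index.php?page=dashboard");
            die();
        }

        // One generic message for both "unknown user" and "wrong password" so that
        // valid account names cannot be enumerated from the response.
        $HTML->ReplaceLayoutInhalt("%%LOGINMESSAGE%%", "Benutzername und/oder Passwort falsch.");
        // Explicit flags: escape both quote styles (and replace invalid UTF-8) so the
        // echoed value is safe inside an attribute regardless of the PHP version's
        // htmlspecialchars() default; the regex does not exclude ' or ".
        $HTML->ReplaceLayoutInhalt("%%LASTUSERNAME%%", htmlspecialchars($_POST['username'], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8'));
    }
}
else if (isset($_SESSION) && isset($_SESSION['loginMessage'])) {
    // One-shot message handed over by another page via the session; consumed here.
    // NOTE(review): inserted unescaped — acceptable only while every writer of
    // loginMessage / loginMessageColor uses fixed, application-controlled text.
    $HTML->ReplaceLayoutInhalt('%%LOGINMESSAGE%%', $_SESSION['loginMessage']);
    $HTML->ReplaceLayoutInhalt('%%MESSAGECOLOR%%', $_SESSION['loginMessageColor'] ?? 'red');
    unset($_SESSION['loginMessage'], $_SESSION['loginMessageColor']);
}

// Defaults for any placeholder no branch above filled in (presumably a no-op for
// placeholders already replaced — depends on ReplaceLayoutInhalt's semantics).
$HTML->ReplaceLayoutInhalt("%%LOGINMESSAGE%%", "");
$HTML->ReplaceLayoutInhalt("%%MESSAGECOLOR%%", "red");
$HTML->ReplaceLayoutInhalt("%%LASTUSERNAME%%", "");
$HTML->build();
echo $HTML->ausgabe();
?>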