diff --git a/pages/login.php b/pages/login.php index 8b40eff..909af6a 100644 --- a/pages/login.php +++ b/pages/login.php @@ -1,14 +1,21 @@ setHTMLTitle("Login"); $HTML->importHTML("style/login/login.html"); - + if(isset($_POST['login'])) { - if(!isset($_POST['username']) || !isset($_POST['password'])) - { - $HTML->ReplaceLayoutInhalt("%%LOGINMESSAGE%%", "Bitte gebe Benutzername und Passwort an."); - }else{ + $validator = new FormValidator(array( + 'username' => array('required' => true, 'regex' => '([^\\\/<>\s]+ [^\\\/<>\s]+){3,255}'), + 'password' => array('required' => true, 'regex' => '.{1,1000}') + )); + + if(!$validator->isValid($_POST)) { + $HTML->ReplaceLayoutInhalt("%%LOGINMESSAGE%%", "Bitte gebe Benutzername und Passwort an."); + } + else { $statementUser = $RUNTIME['PDO']->prepare("SELECT * FROM UserAccounts WHERE FirstName = ? AND LastName = ? LIMIT 1"); $statementUser->execute(explode(" ", trim($_POST['username']))); @@ -45,10 +52,10 @@ } $HTML->ReplaceLayoutInhalt("%%LOGINMESSAGE%%", $RUNTIME['MESSAGE']['LOGINERROR']); - $HTML->ReplaceLayoutInhalt("%%LASTUSERNAME%%", $_POST['username']); + $HTML->ReplaceLayoutInhalt("%%LASTUSERNAME%%", $_POST['username']); } } - + if(file_exists("./pages/".@$_REQUEST['page'].".php")) $HTML->ReplaceLayoutInhalt("%%PAGENAME%%", @$_REQUEST['page']);
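Review bot: The new `username` rule in the first hunk does not enforce the "exactly two space-separated tokens" shape that the following `explode(" ", trim($_POST['username']))` needs for the two-placeholder `execute()`. Read as ordinary PCRE, `{3,255}` repeats the whole `first last` group rather than bounding the length, so a plain "First Last" would not match, and anything that does match splits into more than two values. I would drop the group quantifier, anchor the pattern, and bound the length separately, e.g. `'regex' => '^[^\\\/<>\s]+ [^\\\/<>\s]+$'`; FormValidator is not part of this diff, so how it delimits and anchors patterns needs confirming. Excluding `<>` is also not output encoding, because quotes still pass and the second hunk writes `$_POST['username']` raw into `%%LASTUSERNAME%%`. Unless `ReplaceLayoutInhalt` escapes its value, that call should pass `htmlspecialchars($_POST['username'], ENT_QUOTES, 'UTF-8')`. The `else` block opened here continues outside the hunk.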