70 lines
2.9 KiB
PHP
70 lines
2.9 KiB
PHP
<?php
|
|
$HTML = new HTML();
|
|
$HTML->setHTMLTitle("Login");
|
|
$HTML->importHTML("login.html");
|
|
|
|
if($_SERVER['REQUEST_METHOD'] == 'POST')
|
|
{
|
|
include_once 'app/FormValidator.php';
|
|
$validator = new FormValidator(array(
|
|
'username' => array('required' => true, 'regex' => '/^[^\\/<>\s]{1,64} [^\\/<>\s]{1,64}$/'),
|
|
'password' => array('required' => true, 'regex' => '/^.{1,1000}$/')
|
|
));
|
|
|
|
if(!$validator->isValid($_POST)) {
|
|
$HTML->ReplaceLayoutInhalt("%%LOGINMESSAGE%%", "Bitte gebe Benutzername (Vor- und Nachname) und Passwort ein.");
|
|
}
|
|
else {
|
|
$statementUser = $RUNTIME['PDO']->prepare("SELECT PrincipalID,FirstName,LastName,Email,UserLevel FROM UserAccounts WHERE FirstName = ? AND LastName = ? LIMIT 1");
|
|
$statementUser->execute(explode(" ", trim($_POST['username'])));
|
|
|
|
while($rowUser = $statementUser->fetch())
|
|
{
|
|
$statementAuth = $RUNTIME['PDO']->prepare("SELECT passwordHash,passwordSalt FROM auth WHERE UUID = ? LIMIT 1");
|
|
$statementAuth->execute(array($rowUser['PrincipalID']));
|
|
|
|
$RUNTIME['DEBUG']['LOGIN']['UUID'] = $rowUser['PrincipalID'];
|
|
|
|
while($rowAuth = $statementAuth->fetch())
|
|
{
|
|
if(md5(md5($_POST['password']).":".$rowAuth['passwordSalt']) == $rowAuth['passwordHash'])
|
|
{
|
|
session_unset(); // Unset pre-session variables, next request will generate a new CSRF token
|
|
$_SESSION['USERNAME'] = trim($_POST['username']);
|
|
$_SESSION['FIRSTNAME'] = trim($rowUser['FirstName']);
|
|
$_SESSION['LASTNAME'] = trim($rowUser['LastName']);
|
|
$_SESSION['EMAIL'] = trim($rowUser['Email']);
|
|
$_SESSION['PASSWORD'] = $rowAuth['passwordHash'];
|
|
$_SESSION['SALT'] = $rowAuth['passwordSalt'];
|
|
$_SESSION['UUID'] = $rowUser['PrincipalID'];
|
|
$_SESSION['LEVEL'] = $rowUser['UserLevel'];
|
|
$_SESSION['DISPLAYNAME'] = strtoupper($rowUser['FirstName'].' '.$rowUser['LastName']);
|
|
$_SESSION['LOGIN'] = 'true';
|
|
|
|
header("Location: index.php?page=".urlencode($_REQUEST['page']));
|
|
die();
|
|
}
|
|
}
|
|
}
|
|
|
|
$HTML->ReplaceLayoutInhalt("%%LOGINMESSAGE%%", "Benutzername und/oder Passwort falsch.");
|
|
$HTML->ReplaceLayoutInhalt("%%LASTUSERNAME%%", htmlspecialchars($_POST['username']));
|
|
}
|
|
}
|
|
else if(isset($_SESSION) && isset($_SESSION['resetMessage'])) {
|
|
unset($_SESSION['resetMessage']);
|
|
$HTML->ReplaceLayoutInhalt('%%LOGINMESSAGE%%', 'Du kannst dich jetzt mit deinem neuen Passwort einloggen!');
|
|
$HTML->ReplaceLayoutInhalt("%%MESSAGECOLOR%%", "darkgreen");
|
|
}
|
|
|
|
if(isset($_REQUEST['page']) && preg_match('/^[0-9a-zA-Z]{1-100}$/', $_REQUEST['page']) && file_exists("./pages/".$_REQUEST['page'].".php"))
|
|
$HTML->ReplaceLayoutInhalt("%%PAGENAME%%", urlencode($_REQUEST['page']));
|
|
|
|
$HTML->ReplaceLayoutInhalt("%%LOGINMESSAGE%%", "");
|
|
$HTML->ReplaceLayoutInhalt("%%MESSAGECOLOR%%", "red");
|
|
$HTML->ReplaceLayoutInhalt("%%LASTUSERNAME%%", "");
|
|
$HTML->ReplaceLayoutInhalt("%%PAGENAME%%", "dashboard");
|
|
|
|
$HTML->build();
|
|
echo $HTML->ausgabe();
|
|
?>
|