
  1. <?php
  2. /*
  3. * The MIT License
  4. *
  5. * Copyright 2017 Jeroen De Meerleer <me@jeroened.be>.
  6. *
  7. * Permission is hereby granted, free of charge, to any person obtaining a copy
  8. * of this software and associated documentation files (the "Software"), to deal
  9. * in the Software without restriction, including without limitation the rights
  10. * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
  11. * copies of the Software, and to permit persons to whom the Software is
  12. * furnished to do so, subject to the following conditions:
  13. *
  14. * The above copyright notice and this permission notice shall be included in
  15. * all copies or substantial portions of the Software.
  16. *
  17. * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
  18. * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
  19. * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
  20. * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
  21. * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
  22. * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
  23. * THE SOFTWARE.
  24. */
  25. require_once "include/initialize.inc.php";
  26. if ($_SERVER["REQUEST_METHOD"] == "GET") {
  27. if(isset($_COOKIE["secure_auth"]) && isset($_COOKIE["secure_auth_name"])) {
  28. $userQry = $db->prepare("SELECT * FROM users WHERE name = ?");
  29. $userQry->execute(array($_COOKIE["secure_auth_name"]));
  30. $user = $userQry->fetchAll(PDO::FETCH_ASSOC);
  31. if (in_array($_COOKIE["secure_auth"], unserialize($user[0]["autologin"]))) {
  32. $_SESSION['userID'] = $user[0]['userID'];
  33. header("location:overview.php");
  34. exit;
  35. }
  36. }
  37. $loader = new Twig_Loader_Filesystem('templates');
  38. $twig = new Twig_Environment($loader, array('cache' => 'cache', "debug" => true));
  39. $error = "";
  40. if (isset($_GET["error"])) {
  41. switch ($_GET["error"]) {
  42. case "emptyfields":
  43. $error = "Some fields were empty"; break;
  44. case "invalidcredentials":
  45. $error = "The credentials were invalid"; break;
  46. }
  47. }
  48. echo $twig->render('index.html.twig', array("error" => $error));
  49. }
  50. elseif ($_SERVER["REQUEST_METHOD"] == "POST") {
  51. if (empty($_POST['name']) || empty($_POST['passwd'])) {
  52. header("location:index.php?error=emptyfields");
  53. exit;
  54. }
  55. $passwd = $_POST['passwd'];
  56. $name = $_POST['name'];
  57. $autologin = $_POST["autologin"];
  58. $userQry = $db->prepare("SELECT * FROM users WHERE name = ?");
  59. $userQry->execute(array($name));
  60. $user = $userQry->fetchAll(PDO::FETCH_ASSOC);
  61. if ( password_verify($passwd, $user[0]['password']) ) {
  62. $_SESSION['userID'] = $user[0]['userID'];
  63. if ($autologin = "autologin") {
  64. $autologin = hash("sha512", time() . $user[0]["name"] . $user[0]["password"] . session_id());
  65. setcookie("secure_auth", $autologin, time() + (60 * 60 * 24 * 365));
  66. setcookie("secure_auth_name", $user[0]["name"] , time() + (60 * 60 * 24 * 365));
  67. $autologin_array = array();
  68. if (!empty($user[0]["autologin"])) $autologin_array = unserialize($user[0]["autologin"]);
  69. $autologin_array[] = $autologin;
  70. /*var_dump($autologin_array);
  71. exit;*/
  72. $loginQry = $db->prepare("UPDATE users SET autologin = ? WHERE userID = ?");
  73. $loginQry->execute(array(serialize($autologin_array), $_SESSION["userID"]));
  74. }
  75. header("location:overview.php");
  76. exit;
  77. } else {
  78. header("location:index.php?error=invalidcredentials");
  79. exit;
  80. }
  81. }
  82. require_once 'include/finalize.inc.php';