92 lines
2.2 KiB
PHP
Executable File
92 lines
2.2 KiB
PHP
Executable File
<!-- login system -->
|
|
<?php
|
|
session_start();
|
|
|
|
// Check if user has admin accesss
|
|
function auth()
|
|
{
|
|
if($_SESSION["login"] != "admin")
|
|
{
|
|
header("location:../admin/login.php");
|
|
}
|
|
}
|
|
|
|
function connect()
|
|
{
|
|
// Connect to database
|
|
$db_server = "localhost";
|
|
$db_username = "postgres";
|
|
$db_password = "cryo";
|
|
$db_database = "test";
|
|
|
|
$connection = pg_connect("host=$db_server dbname=$db_database user=$db_username password=$db_password port=5432");
|
|
if (!$connection)
|
|
{
|
|
$error = "pg_connect error: " . pg_last_error($connection);
|
|
error_log($error, 0);
|
|
die($error);
|
|
}
|
|
return $connection;
|
|
}
|
|
|
|
// Logins in to index.php
|
|
// checks username and password for a match in users
|
|
function login()
|
|
{
|
|
$connection = connect();
|
|
|
|
// login if input found
|
|
if(isset($_POST["username"]) and isset($_POST["password"]))
|
|
{
|
|
$username = $_POST["username"];
|
|
$password = $_POST["password"];
|
|
|
|
// salt the password to make it harder to compare md5 hashes
|
|
// run md5 encryption on salted string
|
|
$salt = "salt";
|
|
$newPassword = md5($salt.$editedPassword.$salt);
|
|
|
|
// search for matching username and password
|
|
$sql = "SELECT * FROM users WHERE name = '$username' AND password = '$password'";
|
|
|
|
$result = pg_query($connection, $sql);
|
|
if (!result)
|
|
{
|
|
die("pg_query error: " . pg_last_error($db));
|
|
}
|
|
$rowCount = pg_num_rows($result);
|
|
|
|
// if any user matches login attempt
|
|
if ($rowCount == 1)
|
|
{
|
|
session_start();
|
|
$_SESSION["login"] = "admin";
|
|
header("location:index.php");
|
|
}
|
|
else
|
|
{
|
|
echo "Invalid username or password. Failed to login.";
|
|
}
|
|
}
|
|
}
|
|
|
|
function add_user()
|
|
{
|
|
if (isset($_POST["username"]) and isset($_POST["password"]))
|
|
{
|
|
// include_once("../includes/connect.php");
|
|
$connection = connect();
|
|
|
|
// encrypt password and add new user
|
|
$username = $_POST["username"];
|
|
$password = $_POST["password"];
|
|
$salt = "salt";
|
|
$password = md5($salt.$password.$salt);
|
|
$query= "INSERT INTO t_users(UID, UNAME, PWORD) VALUES(NULL, '$username', '$password')";
|
|
$run = pg_query($connect, $query) or pg_last_error($connection);
|
|
|
|
// return to users page
|
|
header("Location:users.php");
|
|
}
|
|
}?>
|