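<?php
// Login system
//
// Nothing may reach the client before session_start() or any of the header()
// redirects below. The original kept this title as an HTML comment above the
// opening tag, which PHP emits as output; unless output buffering is enabled
// that makes PHP refuse to send the session cookie and the Location headers.
//
// NOTE(review): the session cookie flags (HttpOnly, Secure, SameSite) are left
// at their php.ini values here - confirm they are set for the admin area.

session_start();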
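/**
 * Require an admin session for the current request.
 *
 * When the session does not carry the "admin" marker the client is redirected
 * to the admin login page and the script stops.
 */
function auth() {
    // isset() treats a missing key as "not logged in" instead of raising an
    // undefined-index warning; === avoids loose string/number comparison.
    $isAdmin = isset($_SESSION["login"]) && $_SESSION["login"] === "admin";

    if (!$isAdmin) {
        header("location:../admin/login.php");
        // header() only queues the redirect. Without exit the protected page
        // after the auth() call would still execute and be sent in the body.
        exit;
    }
}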
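/**
 * Open the PostgreSQL connection used by the login helpers.
 *
 * On failure the driver message goes to the server error log and the script
 * stops with a generic message.
 *
 * @return resource|\PgSql\Connection handle returned by pg_connect()
 */
function connect() {
    // NOTE(review): the database credentials are hard-coded in source, so
    // anyone who can read this file or its repository history has them. Load
    // them from configuration kept outside the web root and rotate the
    // password that was committed here.
    $db_server = "localhost";
    $db_username = "postgres";
    $db_password = "cryo";
    $db_database = "test";

    $connection = pg_connect("host=$db_server dbname=$db_database user=$db_username password=$db_password port=5432");
    if (!$connection) {
        // pg_connect() returned false, so there is no connection to pass to
        // pg_last_error(); the reason is in the warning PHP just raised.
        $last = error_get_last();
        $detail = ($last !== null) ? $last["message"] : "unknown error";
        error_log("pg_connect error: " . $detail, 0);

        // Keep driver and host details out of the HTTP response.
        die("Database connection failed.");
    }
    return $connection;
}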
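/**
 * Handle a submitted login form by passing the posted username and password
 * to login().
 *
 * Does nothing when either field is missing or is not a string.
 */
function login_post() {
    if (!isset($_POST["username"], $_POST["password"])) {
        return;
    }

    // PHP turns a field sent as "username[]=x" into an array; only plain
    // strings are accepted as credentials.
    if (!is_string($_POST["username"]) || !is_string($_POST["password"])) {
        return;
    }

    // No connection is opened here: a local $connection in this function is
    // not visible inside login(), so opening one only costs a round trip.
    login($_POST["username"], $_POST["password"]);
}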
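/**
 * Check a username/password pair against the users table and, on a match,
 * mark the session as admin and redirect to the admin area.
 *
 * On a mismatch an error message is echoed and the function returns.
 *
 * @param string $username submitted user name
 * @param string $password submitted plaintext password
 */
function login($username, $password) {
    if (!is_string($username) || !is_string($password)) {
        echo "Invalid username or password. Failed to login.";
        return;
    }

    // Variables of the caller are not visible in function scope, so the
    // connection has to be obtained here.
    $connection = connect();

    // Hash the submitted password. The original hashed an undefined variable,
    // so every password produced the same digest and was never really checked.
    // NOTE(review): MD5 with a fixed salt is not a password hash; it is kept
    // only because add_user() in this file stores values in this format.
    // Migrate both to password_hash()/password_verify() and rehash on login.
    $salt = "salt";
    $newPassword = md5($salt . $password . $salt);

    // Bound parameters keep the submitted values out of the SQL text.
    // NOTE(review): this reads users(name, password) while add_user() writes
    // t_users(username, PWORD) - confirm which schema is the real one.
    $sql = 'SELECT * FROM users WHERE name = $1 AND password = $2';
    $result = pg_query_params($connection, $sql, array($username, $newPassword));
    if (!$result) {
        // Driver detail goes to the log, not to the response.
        error_log("pg_query error: " . pg_last_error($connection), 0);
        die("Login is temporarily unavailable.");
    }

    // Success only if exactly one matching user is found.
    if (pg_num_rows($result) === 1) {
        if (session_status() !== PHP_SESSION_ACTIVE) {
            session_start();
        }
        // New session id on privilege change, so an id fixed before login
        // does not become an admin session.
        session_regenerate_id(true);
        $_SESSION["login"] = "admin";
        header("location:/quartznet/admin");
        exit;
    }

    echo "Invalid username or password. Failed to login.";

    // The original ended with a hard-coded username check whose password test
    // was an assignment (=), so it granted an admin session on the username
    // alone. It is removed: the database lookup is the only way in.
    // NOTE(review): no attempt limiting is visible in this function.
}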
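/**
 * Insert a new user row with a hashed password.
 *
 * A failed insert is written to the server error log; nothing is returned.
 * The redirect back to the users page is done by add_user_post().
 *
 * NOTE(review): nothing in this function checks that the requester is an
 * admin - confirm the page that calls it runs auth() first.
 *
 * @param string $username name of the account to create
 * @param string $password plaintext password for the new account
 */
function add_user($username, $password) {
    if (!is_string($username) || !is_string($password)) {
        error_log("add_user: username and password must be strings", 0);
        return;
    }

    $connection = connect();

    // NOTE(review): MD5 with a fixed salt is not a password hash; it is kept
    // only because login() in this file compares against this format.
    // Migrate both to password_hash()/password_verify().
    $salt = "salt";
    $hashed = md5($salt . $password . $salt);

    // Bound parameters keep the submitted values out of the SQL text.
    // NOTE(review): this writes t_users(username, PWORD) while login() reads
    // users(name, password) - confirm which schema is the real one.
    $query = 'INSERT INTO t_users(UID, username, PWORD) VALUES(NULL, $1, $2)';

    // The original passed an undefined $connect here and discarded the error.
    $run = pg_query_params($connection, $query, array($username, $hashed));
    if (!$run) {
        error_log("add_user failed: " . pg_last_error($connection), 0);
    }
}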
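/**
 * Handle a submitted "add user" form: create the user, then redirect to the
 * users page.
 *
 * Does nothing when either field is missing or is not a string.
 *
 * NOTE(review): no admin check or CSRF token is verified in this function -
 * confirm the calling page does both before this runs.
 */
function add_user_post() {
    if (!isset($_POST["username"], $_POST["password"])) {
        return;
    }

    // PHP turns a field sent as "username[]=x" into an array; only plain
    // strings are accepted.
    if (!is_string($_POST["username"]) || !is_string($_POST["password"])) {
        return;
    }

    add_user($_POST["username"], $_POST["password"]);
    header("Location:users.php");
}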