<?php
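// Start (or resume) the session before any output so the cookie header can still be sent.
session_start();

// Site configuration.
// NOTE(review): $hash (fallback admin check below) and $theme_name (page template) are not
// defined in this file and presumably come from settings.php - confirm.
include("include/settings.php");

// NOTE(review): 'ask.db' is resolved relative to the working directory. If that is inside
// the web root, confirm the web server refuses to serve the database file.
$db = new SQLite3('ask.db');

$logErrorMsg = "";

// A visitor counts as logged in only when the session flag is exactly true.
$validUser = isset($_SESSION["login"]) && $_SESSION["login"] === true;

if (isset($_POST["log"])) {
    // Request fields are untrusted and may be missing or arrays; reduce them to plain
    // strings before they reach SQL or password_verify() (which throws on an array in PHP 8).
    $user = (isset($_POST["logname"]) && is_string($_POST["logname"])) ? $_POST["logname"] : "";
    $password = (isset($_POST["password"]) && is_string($_POST["password"])) ? $_POST["password"] : "";

    if ($user !== "") {
        // The username is passed as a bound parameter, never spliced into the SQL text,
        // so quotes in it cannot change the statement. One query fetches id and hash.
        $row = false;
        $stmt = $db->prepare("SELECT id, shadow FROM users WHERE username = :username");
        if ($stmt !== false) {
            $stmt->bindValue(":username", $user, SQLITE3_TEXT);
            $result = $stmt->execute();
            if ($result !== false) {
                $row = $result->fetchArray(SQLITE3_ASSOC);
            }
        }

        if (is_array($row) && is_string($row["shadow"]) && password_verify($password, $row["shadow"])) {
            // Issue a fresh session id at the privilege change so an id that was known
            // before login (session fixation) is not the authenticated one.
            session_regenerate_id(true);
            $_SESSION["login"] = true;
            $_SESSION["uid"] = $row["id"];
            header("Location: /");
            die();
        } else {
            // Same message for unknown user and wrong password, so the form does not
            // reveal which usernames exist.
            $logErrorMsg = "Incorrect user or password";
        }
    } else {
        $logErrorMsg = "Please input a username";
    }

    // Fallback login for the fixed "admin" name against $hash.
    // NOTE(review): this path bypasses the users table and sets no $_SESSION["uid"];
    // confirm it is still required. It is skipped when $hash is not a string.
    $validUser = $user === "admin"
        && isset($hash) && is_string($hash)
        && password_verify($password, $hash);

    if (!$validUser) {
        // NOTE(review): $errorMsg is not printed by the template in this file.
        $errorMsg = "Invalid username or password.";
    } else {
        session_regenerate_id(true);
        $_SESSION["login"] = true;
    }
}

// Already-authenticated visitors have nothing to do on the login page.
if ($validUser) {
    header("Location: /");
    die();
}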
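// Status line shown under the registration form (also carries the success message).
$regErrorMsg = "";

if (isset($_POST["reg"])) {
    // Request fields are untrusted and may be missing or arrays; reduce them to plain
    // strings first (password_verify()/password_hash() throw on an array in PHP 8).
    $invite = (isset($_POST["invite"]) && is_string($_POST["invite"])) ? $_POST["invite"] : "";
    $user = (isset($_POST["regname"]) && is_string($_POST["regname"])) ? $_POST["regname"] : "";
    $password = (isset($_POST["password"]) && is_string($_POST["password"])) ? $_POST["password"] : "";

    // bcrypt hash of the invitation code.
    // NOTE(review): the hash lives in source control, so anyone who can read the file can
    // test guesses against it offline; consider moving it to settings.php and rotating it.
    $inviteHash = '$2y$10$Mofyx6QsxEartbq..53zlu.FwTX0aMmUeRCNnISvfmrC44iA1SfSO';

    if (!password_verify($invite, $inviteHash)) {
        $regErrorMsg = "Wrong invitation code";
    } elseif ($user === "") {
        $regErrorMsg = "Please input a username";
    } elseif (preg_match("/[^a-z0-9]/", $user)) {
        // Any character outside a-z / 0-9 rejects the name.
        $regErrorMsg = "Only lowercase letters and numbers are allowed";
    } else {
        // Bound parameters are used even though the name passed the character check:
        // the queries stay safe if that check is ever relaxed.
        $taken = null; // null = lookup failed, true/false = lookup result
        $lookup = $db->prepare("SELECT 1 FROM users WHERE username = :username LIMIT 1");
        if ($lookup !== false) {
            $lookup->bindValue(":username", $user, SQLITE3_TEXT);
            $found = $lookup->execute();
            if ($found !== false) {
                $taken = $found->fetchArray(SQLITE3_NUM) !== false;
            }
        }

        if ($taken === null) {
            $regErrorMsg = "Account could not be created";
        } elseif ($taken) {
            $regErrorMsg = "Username taken";
        } elseif ($password === "") {
            $regErrorMsg = "Please input a password";
        } else {
            // Only the password hash is stored, never the password itself.
            $shadow = password_hash($password, PASSWORD_DEFAULT);

            // NOTE(review): lookup and insert are not atomic. A UNIQUE constraint on
            // users.username (schema not visible here) would make a racing duplicate
            // fail at this insert and land in the failure branch below.
            $created = false;
            $insert = $db->prepare(
                "INSERT INTO users(username,name,shadow) VALUES (:username,:name,:shadow)"
            );
            if ($insert !== false) {
                $insert->bindValue(":username", $user, SQLITE3_TEXT);
                $insert->bindValue(":name", $user, SQLITE3_TEXT);
                $insert->bindValue(":shadow", $shadow, SQLITE3_TEXT);
                $created = $insert->execute() !== false;
            }

            if ($created) {
                // Clear the submitted values so the form is rendered empty afterwards.
                unset($_POST["regname"], $_POST["password"], $_POST["invite"]);
                $regErrorMsg = "Account created successfully";
            } else {
                $regErrorMsg = "Account could not be created";
            }
        }
    }
}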
?>
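<!DOCTYPE html>
<html>
    <head>
        <?php
        // Theme-specific head markup for this page.
        // NOTE(review): $theme_name is not set in this file (presumably settings.php).
        // It builds an include path, so it must never be derived from request data.
        include("themes/$theme_name/login.php");
        ?>
        <meta http-equiv="content-type" content="text/html;charset=utf-8"/>
        <title>Login | LibreCat</title>
    </head>
    <body>
        <?php include("include/header.php"); ?>
        <?php
        // Returns the submitted value of a form field, HTML-escaped for use inside a
        // quoted attribute. Missing or non-string fields yield an empty string, so the
        // request body cannot inject markup or script into the page when it is echoed back.
        $postField = function ($key) {
            $value = (isset($_POST[$key]) && is_string($_POST[$key])) ? $_POST[$key] : "";
            return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, "UTF-8");
        };
        ?>
        <div id="main-container">

            <!-- Login -->

            <div id="login-container" class="section">
                <h2 class="title">Login</h2>
                <form name="input" action="" method="post">
                    <label for="logname">Username:</label><input type="text" value="<?= $postField("logname") ?>" id="logname" name="logname"/><br/>
                    <label for="password">Password:</label><input type="password" id="password" name="password"/>
                    <?php
                    // The message is server-defined text; it is still escaped on output
                    // so a later change cannot turn it into an injection point.
                    if (isset($logErrorMsg)) {
                        echo "<p class='errmsg'>" . htmlspecialchars($logErrorMsg, ENT_QUOTES | ENT_SUBSTITUTE, "UTF-8") . "</p>\n";
                    }
                    ?>
                    <input type="submit" value="Login" name="log"/>
                </form>
            </div>

            <!-- Register -->

            <div id="register-container" class="section">
                <h2 class="title">Register</h2>
                <form name="input" action="" method="post">
                    <label for="regname">Username:</label><input type="text" value="<?= $postField("regname") ?>" id="regname" name="regname"/><br/>
                    <label for="password">Password:</label><input type="password" id="password" name="password"/><br/>
                    <label for="invite">Invite code:</label><input type="text" value="<?= $postField("invite") ?>" id="invite" name="invite"/><br/>
                    <?php
                    if (isset($regErrorMsg)) {
                        echo "<p class='errmsg'>" . htmlspecialchars($regErrorMsg, ENT_QUOTES | ENT_SUBSTITUTE, "UTF-8") . "</p>\n";
                    }
                    ?>
                    <input type="submit" value="Register" name="reg"/>
                </form>
            </div>

        </div> <!-- Main container -->
    </body>
</html>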