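<?php
/*-----------------------------------------
login.php
Renders the login form and, on POST, checks the submitted
username and password against the `account` table.

Review notes for maintainers:
 - The administrator branch below compares against a credential that is
   hard-coded in this file. Anyone who can read the source (or guess the
   default) can sign in as admin; move it to a hashed credential kept
   outside the source tree and rotate it.
 - Stored passwords are unsalted MD5. That format is kept here only so
   existing accounts keep working; migrating to password_hash() /
   password_verify() has to be done together with the registration code,
   which is not visible in this file.
 - The two failure messages distinguish "unknown user" from "wrong
   password", which tells a client which usernames exist. The wording is
   user-visible, so it is left unchanged here.
-----------------------------------------*/
include_once("inc/HTMLTemplate.php");

$username = "";
$password = "";
$feedback = "";

if (!empty($_POST)) {
    include_once("inc/connstring.php");
    $table = 'account'; // fixed literal, never taken from the request

    // Accept plain strings only: a request such as `username[]=x` arrives as an
    // array and would otherwise reach the string functions below.
    $username = (isset($_POST['username']) && is_string($_POST['username'])) ? $_POST['username'] : '';
    $password = (isset($_POST['password']) && is_string($_POST['password'])) ? $_POST['password'] : '';

    if ($username == '' || $password == '') {
        $feedback = "<p class=\"feedback-yellow\">用户名 或 密码 为空!</p>";
    } else {
        // The lookup uses a bound parameter, so the raw username goes to the
        // database unchanged. The escaped copies exist only for compatibility:
        //  - this script has always hashed the *escaped* password, so the stored
        //    MD5 values correspond to that form;
        //  - this script has always put the *escaped* username in the session.
        //    NOTE(review): pages that read $_SESSION["username"] are not visible
        //    here and may rely on that form - confirm before switching to the
        //    raw value.
        $sessionUsername = $mysqli->real_escape_string($username);
        $escapedPassword = $mysqli->real_escape_string($password);

        /* Check for Administrator Account */
        /* NOTE(review): hard-coded default credential - see the header comment. */
        if ($username === "admin" && $password === "admin") {
            session_start();
            session_regenerate_id(true); // drop the pre-login session id
            $_SESSION["admin"] = $sessionUsername;
            $_SESSION["username"] = $sessionUsername;
            header("Location: index.php");
            exit; // without this the script kept running and also queried the database
        }

        // Parameterised lookup instead of a string-built statement.
        $stmt = $mysqli->prepare("SELECT user, password FROM {$table} WHERE user = ?");
        if ($stmt === false) {
            // Details go to the server log, not to the browser.
            error_log("login.php: prepare failed " . $mysqli->errno . ":" . $mysqli->error);
            die("Could not query database");
        }
        $stmt->bind_param('s', $username);
        if (!$stmt->execute()) {
            error_log("login.php: execute failed " . $stmt->errno . ":" . $stmt->error);
            die("Could not query database");
        }
        $stmt->store_result(); // needed so num_rows is populated

        if ($stmt->num_rows == 1) {
            $stmt->bind_result($dbUser, $dbPassword);
            $stmt->fetch();

            $pswmd5 = md5($escapedPassword);

            // hash_equals() compares as strings. The previous `==` treated two
            // digests of the form "0e<digits>" as equal numbers, so a wrong
            // password could match.
            if (hash_equals((string) $dbPassword, $pswmd5)) {
                session_start();
                session_regenerate_id(true);
                $_SESSION["username"] = $sessionUsername;
                //$_SESSION["userId"] = $row->adminId;
                header("Location: index.php");
                exit;
            } else {
                $feedback = "<p class=\"feedback-red\">密码错误!</p>";
            }
        } else {
            $feedback = "<p class=\"feedback-red\">无此用户!</p>";
        }

        $stmt->close();
        $mysqli->close();
    }
}

// Encode for the double-quoted value="" attribute below.
$username = htmlspecialchars($username, ENT_QUOTES, 'UTF-8');
$password = htmlspecialchars($password, ENT_QUOTES, 'UTF-8');

// The password field is deliberately rendered empty; only the username is echoed back.
$content = <<<END
{$feedback}
<form action="login.php" method="post" id ="login-form">
<input type="text" name="username" placeholder="用户名" value="{$username}" /><br>
<input type="password" name="password" placeholder="密码" value=""/>
<input type="hidden" id="address" name="address"/><br>
<input type="submit" value="登录" />
</form>
<a href="register.php"><button type="button">注册</button></a>
END;

// $header and $footer are not defined in this file; presumably inc/HTMLTemplate.php provides them.
echo $header;
echo $content;
echo $footer;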