This commit is contained in:
Walter Hupfeld 2024-02-22 17:07:36 +01:00
parent c2f8c93ef3
commit 7c658e28f9


@ -24,14 +24,14 @@ $boolLogin=true;
if (isset($_POST['login']) && isset($_POST['password'])) { if (isset($_POST['login']) && isset($_POST['password'])) {
$strUser = trim($_POST['login']); $strUser = trim($_POST['login']);
$strPassword = trim($_POST['password']); $strPassword = trim($_POST['password']);
$strSQL = "SELECT username,passwordhash,district FROM user WHERE username='$strUser'"; $strSQL = "SELECT username,passwordhash,district,role FROM user WHERE username='$strUser'";
$result = $db->query($strSQL); $result = $db->query($strSQL);
if ($row=$result->fetch(PDO::FETCH_ASSOC)) { if ($row=$result->fetch(PDO::FETCH_ASSOC)) {
$boolOk = $strDistrict==$row['district'] || $row['username']=="admin"; $boolOk = $strDistrict==$row['district'] || $row['role']=="admin";
if (password_verify($strPassword,$row['passwordhash']) && $boolOk) { if (password_verify($strPassword,$row['passwordhash']) && $boolOk) {
$_SESSION['user']=$strUser; $_SESSION['user']=$strUser;
$_SESSION['csrf_token'] = uniqid('', true); $_SESSION['csrf_token'] = uniqid('', true);
$_SESSION['superadmin'] = $row['username']=="admin"; $_SESSION['superadmin'] = $row['role']=="admin";
header ("Location: index.php"); header ("Location: index.php");
} else { } else {
$boolLogin=false; $boolLogin=false;
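Review bot: The query on the new side still interpolates the untrusted `$_POST['login']` value straight into the SQL string (`WHERE username='$strUser'`), so the login lookup remains open to SQL injection; the commit only adds the `role` column to that same string. Since `$db` is PDO here, the string build plus `query()` should become a prepared statement: `$stmt = $db->prepare('SELECT username,passwordhash,district,role FROM user WHERE username=?');` then `$stmt->execute([$strUser]);` and `if ($row=$stmt->fetch(PDO::FETCH_ASSOC)) {`. The new role check and the district check use loose `==`; `$row['role']==="admin"` and `$strDistrict===$row['district']` avoid type-juggling surprises on both the `$boolOk` and the `$_SESSION['superadmin']` lines. `uniqid('', true)` is not a cryptographically secure source for `$_SESSION['csrf_token']` (`bin2hex(random_bytes(32))` is), and the `header("Location: index.php")` should be followed by `exit;` so the rest of the script does not execute for the redirected request. The enclosing `if (isset($_POST['login']) ...)` block continues past the end of the hunk.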