From c3da0f7c0755b09f942fe22cf1ccd2207a47e85f Mon Sep 17 00:00:00 2001
From: Walter Hupfeld
Date: Fri, 15 Mar 2024 17:20:25 +0100
Subject: [PATCH] login
---
 admin/login.php | 15 ++++++++++-----
 1 file changed, 10 insertions(+), 5 deletions(-)
diff --git a/admin/login.php b/admin/login.php
index 47f839c..0e747da 100644
--- a/admin/login.php
+++ b/admin/login.php
@@ -4,9 +4,9 @@
  * Ideenmelder
  * Autor: Walter Hupfeld, Hamm
  * E-Mail: info@hupfeld-software.de
- * Version: 1.0
+ * Version: 3.0
  * Datum: 18.05.2021
- * zuletzt bearbeitet: 21.02.2024
+ * zuletzt bearbeitet: 15.03.2024
  ******************************** */
 // Starte die Session
@@ -24,15 +24,20 @@ $boolLogin=true;
 if (isset($_POST['login']) && isset($_POST['password'])) {
     $strUser = trim($_POST['login']);
     $strPassword = trim($_POST['password']);
-    $strSQL = "SELECT username,passwordhash,district,role FROM user WHERE username='$strUser'";
-    $result = $db->query($strSQL);
+    $strSQL = "SELECT username,passwordhash,district,role FROM user WHERE username=:user";
+    $stmt = $db->prepare($strSQL);
+    $stmt->bindValue(':user',$strUser);
+    $result=$stmt->execute();
     if ($row=$result->fetch(PDO::FETCH_ASSOC)) {
         $boolOk = $strDistrict==$row['district'] || $row['role']=="admin";
         if (password_verify($strPassword,$row['passwordhash']) && $boolOk) {
             $_SESSION['user']=$strUser;
             $_SESSION['csrf_token'] = uniqid('', true);
             $_SESSION['superadmin'] = $row['role']=="admin";
-            $db->query("UPDATE `user` SET `lastlogin`= NOW() WHERE `username`='$strUser'");
+            $strSQL="UPDATE `user` SET `lastlogin`= NOW() WHERE `username`=:user";
+            $stmt = $db->prepare($strSQL);
+            $stmt->bindValue(':user',$strUser);
+            $stmt->execute();
             header ("Location: index.php");
         } else {
             $boolLogin=false;
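Review bot: In the second hunk `$result=$stmt->execute();` stores a bool (PDOStatement::execute returns true/false), so the context line `if ($row=$result->fetch(PDO::FETCH_ASSOC))` now calls a method on a bool and fails at runtime on every login attempt; fetch from the statement instead: `$stmt->execute();` followed by `if ($row = $stmt->fetch(PDO::FETCH_ASSOC)) {`. The return value of the UPDATE's `$stmt->execute();` is discarded as well, which is only safe if the connection is configured with PDO::ERRMODE_EXCEPTION, a setting not visible in this hunk, so either confirm it or check the result. The enclosing `if` block continues outside the hunk; on the unchanged `$_SESSION['csrf_token'] = uniqid('', true);` line a token from `bin2hex(random_bytes(32))` plus a `session_regenerate_id(true)` call on successful login would be the usual hardening, though that is not part of this change.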