Walter Hupfeld
e325b14ee7 Merge branch 'main' of https://gitea.bankerheide.de/whupfeld/melder 2024-03-15 17:24:40 +01:00
Walter Hupfeld
c3da0f7c07 login 2024-03-15 17:20:25 +01:00


@ -4,9 +4,9 @@
* Ideenmelder * Ideenmelder
* Autor: Walter Hupfeld, Hamm * Autor: Walter Hupfeld, Hamm
* E-Mail: info@hupfeld-software.de * E-Mail: info@hupfeld-software.de
* Version: 1.0 * Version: 3.0
* Datum: 18.05.2021 * Datum: 18.05.2021
* zuletzt bearbeitet: 21.02.2024 * zuletzt bearbeitet: 15.03.2024
******************************** */ ******************************** */
// Starte die Session // Starte die Session
@ -24,15 +24,20 @@ $boolLogin=true;
if (isset($_POST['login']) && isset($_POST['password'])) { if (isset($_POST['login']) && isset($_POST['password'])) {
$strUser = trim($_POST['login']); $strUser = trim($_POST['login']);
$strPassword = trim($_POST['password']); $strPassword = trim($_POST['password']);
$strSQL = "SELECT username,passwordhash,district,role FROM user WHERE username='$strUser'"; $strSQL = "SELECT username,passwordhash,district,role FROM user WHERE username=:user";
$result = $db->query($strSQL); $stmt = $db->prepare($strSQL);
$stmt->bindValue(':user',$strUser);
$result=$stmt->execute();
if ($row=$result->fetch(PDO::FETCH_ASSOC)) { if ($row=$result->fetch(PDO::FETCH_ASSOC)) {
$boolOk = $strDistrict==$row['district'] || $row['role']=="admin"; $boolOk = $strDistrict==$row['district'] || $row['role']=="admin";
if (password_verify($strPassword,$row['passwordhash']) && $boolOk) { if (password_verify($strPassword,$row['passwordhash']) && $boolOk) {
$_SESSION['user']=$strUser; $_SESSION['user']=$strUser;
$_SESSION['csrf_token'] = uniqid('', true); $_SESSION['csrf_token'] = uniqid('', true);
$_SESSION['superadmin'] = $row['role']=="admin"; $_SESSION['superadmin'] = $row['role']=="admin";
$db->query("UPDATE `user` SET `lastlogin`= NOW() WHERE `username`='$strUser'"); $strSQL="UPDATE `user` SET `lastlogin`= NOW() WHERE `username`=:user";
$stmt = $db->prepare($strSQL);
$stmt->bindValue(':user',$strUser);
$stmt->execute();
header ("Location: index.php"); header ("Location: index.php");
} else { } else {
$boolLogin=false; $boolLogin=false;
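Review bot: `$result=$stmt->execute();` on the new side keeps execute()'s return value, and if `$db` is PDO (which `PDO::FETCH_ASSOC` on the following line suggests) that value is a bool, so `$result->fetch(PDO::FETCH_ASSOC)` invokes a method on `true` and throws an Error under PHP 8 — every login attempt would fail after this change rather than be checked. Fetch from the statement itself: `$stmt->execute();` followed by `if ($row=$stmt->fetch(PDO::FETCH_ASSOC)) {`. The second prepared statement (`$strSQL="UPDATE ...` through `$stmt->execute();`) is fine as written because its return value is not reused. While in this block, note that the success branch assigns `$_SESSION['user']` without a preceding `session_regenerate_id(true)` and sends `header ("Location: index.php")` without an `exit;`, so the remainder of the script still runs after the redirect; both are pre-existing context lines, not introduced by this commit.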