Compare commits
No commits in common. "e325b14ee7d9367b7f7fbae1bc39f1a2ae5602aa" and "1e24715598f2cf003e47c2a5599aafd8d0d0ea5f" have entirely different histories.
e325b14ee7
...
1e24715598
@ -4,9 +4,9 @@
|
|||||||
* Ideenmelder
|
* Ideenmelder
|
||||||
* Autor: Walter Hupfeld, Hamm
|
* Autor: Walter Hupfeld, Hamm
|
||||||
* E-Mail: info@hupfeld-software.de
|
* E-Mail: info@hupfeld-software.de
|
||||||
* Version: 3.0
|
* Version: 1.0
|
||||||
* Datum: 18.05.2021
|
* Datum: 18.05.2021
|
||||||
* zuletzt bearbeitet: 15.03.2024
|
* zuletzt bearbeitet: 21.02.2024
|
||||||
******************************** */
|
******************************** */
|
||||||
|
|
||||||
// Starte die Session
|
// Starte die Session
|
||||||
@ -24,20 +24,15 @@ $boolLogin=true;
|
|||||||
if (isset($_POST['login']) && isset($_POST['password'])) {
|
if (isset($_POST['login']) && isset($_POST['password'])) {
|
||||||
$strUser = trim($_POST['login']);
|
$strUser = trim($_POST['login']);
|
||||||
$strPassword = trim($_POST['password']);
|
$strPassword = trim($_POST['password']);
|
||||||
$strSQL = "SELECT username,passwordhash,district,role FROM user WHERE username=:user";
|
$strSQL = "SELECT username,passwordhash,district,role FROM user WHERE username='$strUser'";
|
||||||
$stmt = $db->prepare($strSQL);
|
$result = $db->query($strSQL);
|
||||||
$stmt->bindValue(':user',$strUser);
|
|
||||||
$result=$stmt->execute();
|
|
||||||
if ($row=$result->fetch(PDO::FETCH_ASSOC)) {
|
if ($row=$result->fetch(PDO::FETCH_ASSOC)) {
|
||||||
$boolOk = $strDistrict==$row['district'] || $row['role']=="admin";
|
$boolOk = $strDistrict==$row['district'] || $row['role']=="admin";
|
||||||
if (password_verify($strPassword,$row['passwordhash']) && $boolOk) {
|
if (password_verify($strPassword,$row['passwordhash']) && $boolOk) {
|
||||||
$_SESSION['user']=$strUser;
|
$_SESSION['user']=$strUser;
|
||||||
$_SESSION['csrf_token'] = uniqid('', true);
|
$_SESSION['csrf_token'] = uniqid('', true);
|
||||||
$_SESSION['superadmin'] = $row['role']=="admin";
|
$_SESSION['superadmin'] = $row['role']=="admin";
|
||||||
$strSQL="UPDATE `user` SET `lastlogin`= NOW() WHERE `username`=:user";
|
$db->query("UPDATE `user` SET `lastlogin`= NOW() WHERE `username`='$strUser'");
|
||||||
$stmt = $db->prepare($strSQL);
|
|
||||||
$stmt->bindValue(':user',$strUser);
|
|
||||||
$stmt->execute();
|
|
||||||
header ("Location: index.php");
|
header ("Location: index.php");
|
||||||
} else {
|
} else {
|
||||||
$boolLogin=false;
|
$boolLogin=false;
|
||||||
|
Loading…
Reference in New Issue
Block a user