Diffstat (limited to 'login.php')
-rw-r--r-- | login.php | 89 |
1 files changed, 89 insertions, 0 deletions
diff --git a/login.php b/login.php
new file mode 100644
index 0000000..e60b7ed
--- /dev/null
+++ b/login.php
@@ -0,0 +1,89 @@
+<?php
+/**
+ * Check if the user is logged in
+ *
+ * This file should be required by all sensitive PHP scripts. It verifies that
+ * the client has been logged in, and if not, displays a login page.
+ *
+ * See also login-ajax.php, which is specific for files that are loaded through
+ * Ajax (and typically require a json response).
+ *
+ * @author Camil Staps
+ *
+ * BusinessAdmin: administrative software for small companies
+ * Copyright (C) 2015 Camil Staps (ViviSoft)
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program. If not, see <http://www.gnu.org/licenses/>.
+ */
+
+require_once('./conf.php');
+
+if (isset($_GET['logout'])) {
+ $_SESSION['login'] = false;
+ header('Location: ' . constants::url_external);
+ die();
+}
+
+if (!isset($_SESSION['login']) || $_SESSION['login'] === false) {
+ if (isset($_POST['username'])) {
+ $users = BusinessAdmin::getUsers($_pdo, ['`username`=?'], [$_POST['username']]);
+ if (count($users) == 0) {
+ $_msg = "No user {$_POST['username']} found.<br/>";
+ } else {
+ $user = array_pop($users);
+ if ($user->verifyPassword($_POST['password'])) {
+ $_SESSION['login'] = $user->getId();
+ $_user = $user;
+ return;
+ } else {
+ $_msg = "Password incorrect.<br/>";
+ }
+ }
+ }
+
+ include('./header.php');
+?>
+ <div class="container">
+ <div class="row">
+ <div class="col-md-4 col-md-offset-4">
+ <div class="login-panel panel panel-default">
+ <div class="panel-heading">
+ <h3 class="panel-title">Login<i class="fa fa-lock fa-fw fa-lg pull-right"></i></h3>
+ </div>
+ <div class="panel-body">
+ <?php
+ if (isset($_msg)) {
+ echo "<div class='form-group alert alert-danger'>$_msg</div>";
+ }
+ ?>
+ <form action="" method="post">
+ <div class="form-group">
+ <input class="form-control" type="text" name="username" placeholder="Username" autofocus="autofocus"/>
+ </div>
+ <div class="form-group">
+ <input class="form-control" type="password" name="password" placeholder="Password"/>
+ </div>
+ <input type="submit" class="btn btn-lg btn-success btn-block" value="login"/>
+ </form>
+ </div>
+ </div>
+ </div>
+ </div>
+ </div>
+ <?php
+ include('./footer.php');
+ die();
+}
+
+$_user = new user($_pdo, $_SESSION['login']); |
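Review bot: The `No user {$_POST['username']} found.<br/>` message in the new login.php interpolates the submitted username into HTML and the panel-body block later echoes `$_msg` unescaped, which is a reflected XSS sink, and the two distinct failure texts also let a client distinguish existing usernames from unknown ones. Both go away if the unknown-user and wrong-password branches set the same generic text, `$_msg = "Invalid username or password.<br/>";`, so no request data reaches the page. The successful-login branch stores the id into whatever session the client arrived with; adding `session_regenerate_id(true);` before `$_SESSION['login'] = $user->getId();` closes the session-fixation window. The outer guard checks only `isset($_POST['username'])`, so a request without a password field reaches `$user->verifyPassword($_POST['password'])` with an undefined index; `$_POST['password'] ?? ''` avoids the notice.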