<?php
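// Refuse direct access: this script only runs when the including entry point
// has defined the ONYX constant.
if (!defined('ONYX')) exit;

/*
 * Login handler.
 *
 * When a username and a password are posted, look the account up in the
 * `users` table, and on a match with a non-zero auth_level store the row in
 * the session object and redirect to /home. In every other case execution
 * falls through and the public login page is selected.
 */
if (
    isset($_POST['username'], $_POST['password'])
    // A client can post `username[]=x`, which makes the value an array.
    // Only plain strings are valid credentials; anything else falls through
    // to the login page instead of reaching the SQL string below.
    && is_string($_POST['username'])
    && is_string($_POST['password'])
) {
    $username = $_POST['username'];
    $password = $_POST['password'];

    $bdd = new BDD();

    // TODO: use function
    // NOTE(review): the return value of escape() is discarded, so these two
    // calls protect the query only if BDD::escape() modifies its argument by
    // reference. Confirm against the BDD class; if it returns the escaped
    // string instead, $username reaches the query unescaped. A parameterized
    // query would remove the dependency on escaping altogether.
    $bdd->escape($username);
    $bdd->escape($password);

    // mdp() is defined elsewhere; its output is compared through unhex() below.
    $hash = mdp($username, $password);

    // $hash is interpolated into the SQL text, so only a hexadecimal string
    // is let through. Anything else could not match through unhex() anyway.
    $result = null;
    if (is_string($hash) && ctype_xdigit($hash)) {
        $result = $bdd->unique_query("SELECT id, username, auth_level FROM users
            WHERE username='$username'
            AND password=unhex('$hash')");
    }

    // An auth_level of 0 is refused even when the credentials match.
    if (!empty($result) && $result['auth_level'] != 0) {
        $SESS->level = $result["auth_level"];
        $SESS->values = $result;
        // NOTE(review): confirm that put() (or the session class) issues a
        // fresh session identifier on login; it is not visible from here.
        $SESS->put($result["id"]);

        header("Location: /home");
        exit;
    }
}

// No credentials posted, or the login failed: show the login page.
$page = "public/login";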