35 lines
908 B
PHP
35 lines
908 B
PHP
<?php
|
|
if (!defined('ONYX')) exit;
|
|
|
|
if ($SESS->level < 1)
|
|
{
|
|
if (isset($_POST['username']) && isset($_POST['password']))
|
|
{
|
|
$username = $_POST['username'];
|
|
$password = $_POST['password'];
|
|
|
|
$bdd = new BDD();
|
|
|
|
// TODO: use function
|
|
$hash = mdp($bdd->escape($username), $bdd->escape($password));
|
|
$result = $bdd->unique_query("SELECT username, auth_level FROM users
|
|
WHERE username='$username'
|
|
AND password=unhex('$hash')");
|
|
|
|
if (!empty($result) && $result['auth_level'] != 0)
|
|
{
|
|
$SESS->level = $result['auth_level'];
|
|
$SESS->values = $result;
|
|
$SESS->put($username);
|
|
header("Location: /home");
|
|
exit;
|
|
}
|
|
}
|
|
$page = "public/login";
|
|
}
|
|
else
|
|
{
|
|
// Show some page ?
|
|
header("Location: /home");
|
|
}
|