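connect_error) {
    die("Server Error");
}

// Look up the account by user ID or e-mail address.
// $uid and $upass are set earlier in the file (not visible here) and are
// presumably taken from the login form, so they are treated as untrusted:
// the lookup uses a prepared statement instead of interpolating $uid into SQL.
// Both placeholders are bound as strings, mirroring the quoted literals of the
// original query so MySQL applies the same comparison rules.
$stmt = $conn->prepare("SELECT id, password_hash, active FROM smz_auth_users WHERE id = ? OR email = ?");
if ($stmt === false) {
    $conn->close();
    die("Server Error");
}
$stmt->bind_param("ss", $uid, $uid);
if (!$stmt->execute()) {
    $stmt->close();
    $conn->close();
    die("Server Error");
}

// Buffer all matching rows so the connection can be closed before the
// password check (createSession() opens its own connection).
$stmt->store_result();
$stmt->bind_result($rowId, $rowHash, $rowActive);
$rows = [];
while ($stmt->fetch()) {
    $rows[] = ["id" => $rowId, "password_hash" => $rowHash, "active" => $rowActive];
}
$stmt->close();
$conn->close();

if (count($rows) > 0) {
    // NOTE(review): "id = ? OR email = ?" can match more than one row (one by
    // ID, another by e-mail). Every match is processed, as before; consider
    // restricting the lookup to a single account.
    foreach ($rows as $row) {
        $uid = $row["id"];
        if ($row["active"] == 0) {
            // Account is deactivated.
            // NOTE(review): this is reported before the password is checked, so
            // the account state is visible to unauthenticated clients.
            echo("Der Account ist gesperrt.");
        } else {
            if (password_verify($upass, (string) $row["password_hash"])) {
                // Success: issue a session for the stored user ID.
                createSession($uid);
            } else {
                // Login failed.
                echo("passwortfehler");
            }
        }
    }
} else {
    // NOTE(review): distinct messages for "unknown user", "wrong password" and
    // "locked" let a client enumerate valid accounts; a single generic failure
    // message plus rate limiting would avoid that.
    echo "Nutzer nicht gefunden. Geben Sie entweder die E-Mail oder die ID ein.";
}

/**
 * Creates a login session for a user and sets the "SMZ-Auth" cookie.
 *
 * Generates a random session ID, stores it in smz_auth_sessions with a
 * five-day expiry, and on success sends the ID to the client as a cookie
 * with the same expiry. Database credentials are read from the globals
 * $dbservername, $dbusername, $dbpassword and $dbname.
 *
 * @param mixed $uid ID of the user the session belongs to.
 * @return void
 */
function createSession($uid)
{
    $sessionID = generateRandomString();
    $created = time();
    $expiry = time() + 432000; // 5 days

    global $dbservername;
    global $dbusername;
    global $dbpassword;
    global $dbname;

    $conn = new mysqli($dbservername, $dbusername, $dbpassword, $dbname);
    if ($conn->connect_error) {
        die("Server Error");
    }

    // Parameterized insert. All values are bound as strings, matching the
    // quoted literals the original statement sent; MySQL converts them to the
    // column types.
    $stmt = $conn->prepare("INSERT INTO smz_auth_sessions (sessionId, uid, creation, expiry, active) VALUES (?, ?, ?, ?, TRUE)");
    if ($stmt === false) {
        // Keep database details in the server log; never echo them to the client.
        error_log("createSession: prepare failed: " . $conn->error);
        echo "Server Error";
        $conn->close();
        return;
    }
    $stmt->bind_param("ssss", $sessionID, $uid, $created, $expiry);

    if ($stmt->execute() === TRUE) {
        // Only mark the cookie Secure when this request arrived over HTTPS, so
        // plain-HTTP deployments keep working. Behind a TLS-terminating proxy
        // this check is false and the flag is not set -- TODO confirm deployment.
        $isHttps = !empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] !== 'off';
        // HttpOnly keeps the session ID out of reach of page scripts.
        // Path and domain stay at their defaults, as before.
        // (A SameSite attribute needs the options-array form, PHP 7.3+.)
        setcookie("SMZ-Auth", $sessionID, $expiry, "", "", $isHttps, true);
    } else {
        // The original echoed the full SQL text (including the new session ID)
        // and the driver error to the client; log the error server-side instead.
        error_log("createSession: insert failed: " . $stmt->error);
        echo "Server Error";
    }

    $stmt->close();
    $conn->close();
}

/**
 * Builds a random alphanumeric string.
 *
 * Each character is drawn independently from [0-9a-zA-Z] using random_int(),
 * which is a cryptographically secure source.
 *
 * @param int $length Number of characters to generate (default 32).
 * @return string The generated string; empty when $length is 0 or negative.
 */
function generateRandomString($length = 32)
{
    $characters = '0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ';
    $maxIndex = strlen($characters) - 1;
    $randomString = '';
    for ($i = 0; $i < $length; $i++) {
        $randomString .= $characters[random_int(0, $maxIndex)];
    }
    return $randomString;
}
?>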