<?php
/*
* smzint/Auth (c) schmamazon.com 2025
*/
include('db.ini.php');
include('random.php');
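// Login endpoint: looks up the account by ID or e-mail, verifies the password
// and, on success, opens a session via createSession().

// A missing POST field becomes an empty string instead of raising a warning.
// NOTE(review): FILTER_SANITIZE_SPECIAL_CHARS is an HTML-output encoder, not an
// SQL defence. It is kept only so the looked-up value is the same as before;
// the bound parameters below are what keep the input out of the SQL text.
$uid = filter_var(isset($_POST["uid"]) ? $_POST["uid"] : "", FILTER_SANITIZE_SPECIAL_CHARS);
// NOTE(review): this filter rewrites passwords containing ' " < > & before
// password_verify(). Confirm how the registration code treats the password
// before removing it, otherwise existing hashes may stop matching.
$upass = filter_var(isset($_POST["upass"]) ? $_POST["upass"] : "", FILTER_SANITIZE_SPECIAL_CHARS);

$conn = new mysqli($dbservername, $dbusername, $dbpassword, $dbname);
if ($conn->connect_error) {
    die("Server Error");
}

// Prepared statement: the identifier is sent as data, never spliced into the query.
$stmt = $conn->prepare("SELECT id, password_hash, active FROM smz_auth_users WHERE id = ? OR email = ?");
if ($stmt === false) {
    $conn->close();
    die("Server Error");
}
$stmt->bind_param("ss", $uid, $uid);
if (!$stmt->execute()) {
    $stmt->close();
    $conn->close();
    die("Server Error");
}

// Buffer the matches locally so the connection can be closed before any
// session is created (createSession() opens its own connection).
$stmt->store_result();
$stmt->bind_result($rowId, $rowHash, $rowActive);
$rows = array();
while ($stmt->fetch()) {
    $rows[] = array("id" => $rowId, "password_hash" => $rowHash, "active" => $rowActive);
}
$stmt->close();
$conn->close();

// NOTE(review): the three distinct replies below (locked / wrong password /
// unknown user) tell an unauthenticated caller whether an account exists.
// Consider one generic failure message, and add attempt throttling if none
// exists elsewhere. The messages are left unchanged here because the front end
// may depend on them.
if (count($rows) > 0) {
    foreach ($rows as $row) {
        $uid = $row["id"];
        if ($row["active"] == 0) {
            // account deactivated
            echo("Der Account ist gesperrt.");
        } else {
            if (password_verify($upass, $row["password_hash"])) {
                // success
                createSession($uid);
            } else {
                // login failed
                echo("passwortfehler");
            }
        }
    }
} else {
    echo "Nutzer nicht gefunden. Geben Sie entweder die E-Mail oder die ID ein.";
}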
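/**
 * Creates a session row for the given user and sends the session cookie.
 *
 * Opens its own database connection from the global connection settings,
 * inserts a row into smz_auth_sessions that expires after five days and, if
 * the insert succeeds, sets the "SMZ-Auth" cookie to the new session ID.
 * Terminates the request with "Server Error" if the connection fails.
 *
 * @param mixed $uid User id, as read from smz_auth_users.id by the caller.
 * @return void
 */
function createSession($uid){
    // NOTE(review): the session ID is the bearer credential for the account.
    // Confirm that generateRandomString() in random.php draws from a CSPRNG
    // (random_bytes()/random_int()) and yields enough entropy.
    $sessionID = generateRandomString();

    // One timestamp for both columns so creation and expiry cannot drift apart.
    $creation = time();
    $expiry = $creation + 432000; // 5 days

    global $dbservername;
    global $dbusername;
    global $dbpassword;
    global $dbname;

    $conn = new mysqli($dbservername, $dbusername, $dbpassword, $dbname);
    if ($conn->connect_error) {
        die("Server Error");
    }

    // Bound parameters instead of string-built SQL; all four values are bound
    // as strings, matching the quoted literals the query used before.
    $inserted = false;
    $stmt = $conn->prepare("INSERT INTO smz_auth_sessions (sessionId, uid, creation, expiry, active) VALUES (?, ?, ?, ?, TRUE)");
    if ($stmt !== false) {
        $stmt->bind_param("ssss", $sessionID, $uid, $creation, $expiry);
        $inserted = $stmt->execute();
        $stmt->close();
    }

    if ($inserted) {
        // NOTE(review): the cookie is set without HttpOnly, Secure or SameSite.
        // Enable them once it is confirmed that no client-side script reads
        // this cookie and that the site is served over HTTPS only.
        setcookie("SMZ-Auth", $sessionID, $expiry, "/");
    } else {
        // The failure detail goes to the server log only. Echoing the SQL would
        // hand the freshly generated session ID and the database error to the client.
        error_log("createSession: session insert failed: " . $conn->error);
        echo "Server Error";
    }

    $conn->close();
}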
?>