| author | lonkaars <loek@pipeframe.xyz> | 2023-05-13 14:35:04 +0200 | 
|---|---|---|
| committer | lonkaars <loek@pipeframe.xyz> | 2023-05-13 14:35:04 +0200 | 
| commit | d99d91293fe9e9ad683bbd079848df4031f0a77a (patch) | |
| tree | 26b234f733248a3f22503f1fef7644c3bc739f0c /lib | |
| parent | b8e90ea5ea7c41444d7fbce6848e4c3cf37c87e5 (diff) | |
add links to admin pages + more login
Diffstat (limited to 'lib')
| -rw-r--r-- | lib/db.php | 4 | ||||
| -rw-r--r-- | lib/login.php | 34 | 
2 files changed, 31 insertions, 7 deletions
| @@ -1 +1,3 @@
-<?php $cursor = new mysqli("localhost", "loek", "", "webs"); ?>
+<?php
+$cursor = new mysqli("localhost", "loek", "", "webs");
+?>
diff --git a/lib/login.php b/lib/login.php
index 39dc612..45d4c83 100644
--- a/lib/login.php
+++ b/lib/login.php
@@ -1,24 +1,46 @@
 <?php
+require_once "../lib/db.php";
+
+const PRIVILEGE_ADMIN = 1 << 30;
+const PRIVILEGE_USER = 1 << 0;
+
 $username = $_COOKIE['username'];
 $password = $_COOKIE['password'];
+$user_id = null;
+$user_privileges = 0;
 function login($username, $password) {
+	global $cursor, $user_id, $user_privileges;
 	if (!$username) return false;
 	if (!$password) return false;
+
+	$statement = $cursor->prepare("select id, hash, privileges from user where user.name = ?");
+	$statement->bind_param("s", $username);
+	if (!$statement->execute()) return false;
+	$res = $statement->get_result();
+	if (!mysqli_num_rows($res)) return false;
+	$obj = $res->fetch_object();
+	$user_id = $obj->id;
+	$user_privileges = $obj->privileges;
+
+	// if (!password_verify($password, $obj->hash)) return false;
+
 	return true;
 }
-function check_login() {
-	global $username, $password;
-	if (!login($username, $password)) return false;
+function check_login($username, $password) {
+	if (!login($username, $password)) {
+		setcookie("username", "", -1, "/");
+		setcookie("password", "", -1, "/");
+		return false;
+	}
 	return true;
 }
-require_once "../lib/db.php";
 function get_cart_count() {
 	global $username, $cursor;
-	$statement = $cursor->prepare("select sum(cart.count) as count from cart join customer on customer.id = cart.customer join product on product.id = cart.product where customer.name = ?");
+	$statement = $cursor->prepare("select sum(cart.count) as count from cart join user on user.id = cart.user join product on product.id = cart.product where user.name = ?");
 	$statement->bind_param("s", $username);
 	if (!$statement->execute()) return 0;
 	$res = $statement->get_result();
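Review bot: In `login()` the `password_verify` line is commented out, so the function returns true for any non-empty password once the user name matches a row, and `$user_id` / `$user_privileges` are copied from that row into globals before any credential check. Because `$username` is read directly from `$_COOKIE['username']`, the account and its privilege bits (presumably what the admin pages compare against `PRIVILEGE_ADMIN`) end up determined by a client-supplied value alone. Restore the check as `if (!password_verify($password, $obj->hash)) return false;` directly after `fetch_object()` and move the two global assignments below it, so they are only set on success. Separately, this design keeps the password itself in a cookie that is sent on every request; a server-side session created after one successful verification would avoid storing the credential in the browser.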
@@ -27,7 +49,7 @@ function get_cart_count() {
 	return $obj->count;
 }
-$logged_in = check_login();
+$logged_in = check_login($username, $password);
 $cart_count = get_cart_count();
 function if_logged_in($is, $redirect, $back = false) { |