Diffstat (limited to 'lib')
-rw-r--r-- | lib/db.php | 4 | ||||
-rw-r--r-- | lib/login.php | 34 |
2 files changed, 31 insertions, 7 deletions
@@ -1 +1,3 @@
-<?php $cursor = new mysqli("localhost", "loek", "", "webs"); ?>
+<?php
+$cursor = new mysqli("localhost", "loek", "", "webs");
+?>
diff --git a/lib/login.php b/lib/login.php
index 39dc612..45d4c83 100644
--- a/lib/login.php
+++ b/lib/login.php
@@ -1,24 +1,46 @@
 <?php
+require_once "../lib/db.php";
+
+const PRIVILEGE_ADMIN = 1 << 30;
+const PRIVILEGE_USER = 1 << 0;
+
 $username = $_COOKIE['username'];
 $password = $_COOKIE['password'];
+$user_id = null;
+$user_privileges = 0;
 function login($username, $password) {
+	global $cursor, $user_id, $user_privileges;
 	if (!$username) return false;
 	if (!$password) return false;
+
+	$statement = $cursor->prepare("select id, hash, privileges from user where user.name = ?");
+	$statement->bind_param("s", $username);
+	if (!$statement->execute()) return false;
+	$res = $statement->get_result();
+	if (!mysqli_num_rows($res)) return false;
+	$obj = $res->fetch_object();
+	$user_id = $obj->id;
+	$user_privileges = $obj->privileges;
+
+	// if (!password_verify($password, $obj->hash)) return false;
+
 	return true;
 }
-function check_login() {
-	global $username, $password;
-	if (!login($username, $password)) return false;
+function check_login($username, $password) {
+	if (!login($username, $password)) {
+		setcookie("username", "", -1, "/");
+		setcookie("password", "", -1, "/");
+		return false;
+	}
 	return true;
 }
-require_once "../lib/db.php";
 function get_cart_count() {
 	global $username, $cursor;
-	$statement = $cursor->prepare("select sum(cart.count) as count from cart join customer on customer.id = cart.customer join product on product.id = cart.product where customer.name = ?");
+	$statement = $cursor->prepare("select sum(cart.count) as count from cart join user on user.id = cart.user join product on product.id = cart.product where user.name = ?");
 	$statement->bind_param("s", $username);
 	if (!$statement->execute()) return 0;
 	$res = $statement->get_result();
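Review bot: login() as added here returns true for any non-empty password as soon as the username exists, because the only comparison of `$password` against the stored hash is the commented-out line `// if (!password_verify($password, $obj->hash)) return false;` — the check has to be live before this is merged. The assignments to `$user_id` and `$user_privileges` also run before that check, so on a failed verification the globals would still carry the matching user's id and privileges; order the tail of the function as `if (!password_verify($password, $obj->hash)) return false;` followed by `$user_id = $obj->id;` and `$user_privileges = $obj->privileges;` so they are populated only for an authenticated user. `mysqli_num_rows($res)` mixes the procedural API into otherwise object-style code; `$res->num_rows` reads consistently with the surrounding `prepare`/`bind_param`/`get_result` calls. The hunk ends inside get_cart_count(), whose body continues in the next hunk.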
@@ -27,7 +49,7 @@ function get_cart_count() {
 	return $obj->count;
 }
-$logged_in = check_login();
+$logged_in = check_login($username, $password);
 $cart_count = get_cart_count();
 function if_logged_in($is, $redirect, $back = false) {