From d99d91293fe9e9ad683bbd079848df4031f0a77a Mon Sep 17 00:00:00 2001
From: lonkaars
Date: Sat, 13 May 2023 14:35:04 +0200
Subject: add links to admin pages + more login
---
 lib/login.php | 34 ++++++++++++++++++++++++++++------
 1 file changed, 28 insertions(+), 6 deletions(-)
(limited to 'lib/login.php')
diff --git a/lib/login.php b/lib/login.php
index 39dc612..45d4c83 100644
--- a/lib/login.php
+++ b/lib/login.php
@@ -1,24 +1,46 @@ prepare("select id, hash, privileges from user where user.name = ?");
+ $statement->bind_param("s", $username);
+ if (!$statement->execute()) return false;
+ $res = $statement->get_result();
+ if (!mysqli_num_rows($res)) return false;
+ $obj = $res->fetch_object();
+ $user_id = $obj->id;
+ $user_privileges = $obj->privileges;
+
+ // if (!password_verify($password, $obj->hash)) return false;
+ return true;
 }
-function check_login() {
- global $username, $password;
- if (!login($username, $password)) return false;
+function check_login($username, $password) {
+ if (!login($username, $password)) {
+ setcookie("username", "", -1, "/");
+ setcookie("password", "", -1, "/");
+ return false;
+ }
 return true;
 }
-require_once "../lib/db.php";
 function get_cart_count() {
 global $username, $cursor;
- $statement = $cursor->prepare("select sum(cart.count) as count from cart join customer on customer.id = cart.customer join product on product.id = cart.product where customer.name = ?");
+ $statement = $cursor->prepare("select sum(cart.count) as count from cart join user on user.id = cart.user join product on product.id = cart.product where user.name = ?");
 $statement->bind_param("s", $username);
 if (!$statement->execute()) return 0;
 $res = $statement->get_result();
@@ -27,7 +49,7 @@ function get_cart_count() {
 return $obj->count;
 }
-$logged_in = check_login();
+$logged_in = check_login($username, $password);
 $cart_count = get_cart_count();
 function if_logged_in($is, $redirect, $back = false) {
--
cgit v1.2.3
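Review bot: The `password_verify` check in `login()` is committed commented out, so once the username lookup returns a row the function falls through to `return true` without ever comparing the supplied password with `$obj->hash`. Every request that names an existing user is therefore treated as logged in, and `$user_privileges` is loaded for that account, which matters because this commit also links the admin pages. Restore the guard as `if (!password_verify($password, $obj->hash)) return false;` directly before `return true;`. The cookie names cleared in `check_login()` suggest the password itself is kept in a `password` cookie; if that is the case, a server-side session or a random token issued after a successful verify would avoid storing the credential on the client. The start of `login()` is not visible in this hunk, so whether `$user_id` and `$user_privileges` are declared `global` there cannot be confirmed from here.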