Show sourcecode
The following files exists in this folder. Click to view.
create_test.php
create_test_fuckingtrasig.php
hash.php
index.php
login.php
main.php
personal_results.php
setup.php
sign_up.php
test_correcting.php
tests.php
user_administration.php
verification.php
login.php
102 lines UTF-8 Windows (CRLF)
123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102
<?php
session_start(["gc_maxlifetime" => 86400]);
?>
<!DOCTYPE html>
<html lang="sv">
<head>
<meta charset="UTF-8">
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<title>Login</title>
<style>
fieldset {
margin: 5px;
padding: 5px;
border: 2px solid black;
}
#show_password {
width: 10em;
border: 1px solid gray;
background-color: lightgray;
}
* {
box-sizing: border-box;
}
</style>
</head>
<body>
<a href="sign_up.php" target="_blank">Skapa konto</a>
<form method="POST" action="login.php">
<fieldset>
<legend>Logga in</legend>
<input type="text" required maxlength="50" name="username" id="username"><label for="username">Användarnamn</label><br>
<input type="password" required maxlength="255" minlength="8" name="password" id="password"><label for="password">Lösenord</label><br>
<div id="show_password">Visa lösenord</div><br>
<button type="submit">Logga in</button>
</fieldset>
</form>
<?php
// Om man ska loggas ut skickas man hit med ett meddelande i GET
if (isset($_GET["log_out"])) {
session_unset();
}
// Om man loggats ut skickas man hit med ett meddelande i GET
if (isset($_GET["logged_out"])) {
echo ("Du har blivit utloggad, eventuellt p.g.a avstängt konto. Logga in eller skapa nytt konto<br>");
}
if (isset($_POST["username"]) && isset($_POST["password"])) {
try {
/** @var PDO $dbconn */
include("../databaser/dbconnection.php");
$sql = "SELECT salt, password, admin, id FROM quiz_users WHERE username = ?";
$stmt = $dbconn->prepare($sql);
$stmt->execute([$_POST["username"]]);
$result = $stmt->fetch(PDO::FETCH_ASSOC);
include("hash.php");
if ($result && customHash($_POST["password"], $result["salt"]) == $result["password"]) {
// Om användaren finns och lösenordet stämmer så sparas ens id och rättigheter och man skickas till main
$_SESSION["user_id"] = $result["id"];
$_SESSION["username"] = $_POST["username"];
$_SESSION["admin"] = $result["admin"]; // 1 eller 0
$sql = "UPDATE quiz_users SET last_login = NOW() WHERE id = ?";
$stmt = $dbconn->prepare($sql);
$data = [$result["id"]];
$stmt->execute($data);
header("Location: main.php");
exit();
} else {
echo ("Fel användarnamn eller lösenord");
}
} catch (PDOException $e) {
echo ($e->getMessage());
}
}
?>
<script>
const show_pass_btn = document.getElementById("show_password");
const password_input = document.getElementById("password");
show_pass_btn.addEventListener("mouseover", function() {
password_input.type = "text";
})
show_pass_btn.addEventListener("mouseleave", function() {
password_input.type = "password";
})
</script>
</body>
</html>