whupfeld/melder
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Admin User

Browse Source
This commit is contained in:
Walter Hupfeld
2024-02-21 19:42:20 +01:00
parent 11575edc75
commit c1c4151300
12 changed files with 69 additions and 59 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
admin/login.php
View File

@@ -25,12 +25,14 @@ $boolLogin=true;
if (isset($_POST['login']) && isset($_POST['password'])) {
$strUser = trim($_POST['login']);
$strPassword = trim($_POST['password']);
$strSQL = "SELECT username,passwordhash FROM user WHERE username='$strUser'";
$strSQL = "SELECT username,passwordhash,district FROM user WHERE username='$strUser'";
$result = $db->query($strSQL);
if ($row=$result->fetch(PDO::FETCH_ASSOC)) {
if (password_verify($strPassword,$row['passwordhash'])) {
$boolOk = $strDistrict==$row['district'] || $row['username']=="admin";
if (password_verify($strPassword,$row['passwordhash']) && $boolOk) {
$_SESSION['user']=$strUser;
$_SESSION['csrf_token'] = uniqid('', true);
$_SESSION['superadmin'] = $row['username']=="admin";
header ("Location: index.php");
} else {
$boolLogin=false;