self opening modals, loginredirects keep fragment data
@@ -37,7 +37,7 @@ class participo{
|
||||
static public function authentificate(){
|
||||
session_start();
|
||||
if ( !self::isLoginValid() ) {
|
||||
header("Location: login?returnToUrl=".urlencode($_SERVER['REQUEST_URI']), TRUE, 301);
|
||||
header("Location: login?returnToUrl=".urlencode($_SERVER['REQUEST_URI'].($_POST['fragment'] ?? "")), TRUE, 301);
|
||||
exit(); // should'nt matter
|
||||
}
|
||||
}
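Review bot: `$_POST['fragment']` is client-supplied and the new `header()` line appends it to `REQUEST_URI` unchecked, so the value placed in `returnToUrl` is no longer limited to the path the server actually received. Restrict it to a real fragment before appending, e.g. `$fragment = $_POST['fragment'] ?? '';` followed by `if (!is_string($fragment) || !preg_match('/^#[A-Za-z0-9_-]*$/', $fragment)) { $fragment = ''; }`, adjusting the character class to the ids the modals use. The code that consumes `returnToUrl` after login is not visible on this page; it should accept only same-site relative targets regardless of what this function sends. Separately, the redirect keeps status 301, which browsers may cache as permanent; because this redirect depends on session state, 302 or 303 is the better fit.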
|
||||
@@ -45,6 +45,15 @@ class participo{
|
||||
static public function getMessages(){return self::$message;}
|
||||
static public function addMessage($type, $message){self::$message[$type] = (self::$message[$type] ?? "").$message;}
|
||||
|
||||
/**
|
||||
* check password for user
|
||||
*
|
||||
* @param string $loginName user who wants to get in
|
||||
* @param string $password passwor for the user
|
||||
*
|
||||
* @retval true $password belongs to $loginName
|
||||
* @retval false otherwise
|
||||
*/
|
||||
static public function checkCredentials($loginName, $password){
|
||||
sleep(1); // just to discurrage brute force attacks
|
||||
// Check for dbConnection
|
||||
@@ -291,44 +300,6 @@ function loadMarkdownFile($fileName){
|
||||
);
|
||||
}
|
||||
|
||||
|
||||
function checkCredentials($username, $password, $db_server, $db_user, $db_password, $db_name){
|
||||
sleep(1);
|
||||
$mysqli = @new mysqli($db_server, $db_user, $db_password, $db_name);
|
||||
if ($mysqli->connect_error) {
|
||||
$message['error'] = 'Datenbankverbindung fehlgeschlagen: ' . $mysqli->connect_error;
|
||||
} else {
|
||||
$query = sprintf(
|
||||
"SELECT id, loginName, pwHash, config FROM wkParticipo_Users WHERE loginName = '%s'",
|
||||
$mysqli->real_escape_string($_POST['f']['username'])
|
||||
);
|
||||
$result = $mysqli->query($query);
|
||||
if ($row = $result->fetch_array(MYSQLI_ASSOC)) {
|
||||
if( password_verify( $_POST['f']['password'], $row['pwHash']) ){
|
||||
session_start();
|
||||
$_SESSION = array(
|
||||
'login' => true,
|
||||
'user' => array(
|
||||
'username' => $row['loginName'],
|
||||
'userId' => $row['id'],
|
||||
'userConfig' => json_decode($row['config'], true)
|
||||
),
|
||||
);
|
||||
$message['success'] = 'Anmeldung erfolgreich, <a href="index.php">weiter zum Inhalt</a>.';
|
||||
|
||||
// Logging Logins
|
||||
logLoginsToJsonFile($_SESSION['user']['username']);
|
||||
|
||||
header('Location: http://' . $_SERVER['HTTP_HOST'] . '/participo?user=' . $_POST['f']['username']);
|
||||
} else {
|
||||
sleep(5);
|
||||
$message['error'] = 'Das Kennwort ist nicht korrekt.';
|
||||
}
|
||||
}
|
||||
}
|
||||
return $message;
|
||||
}
|
||||
|
||||
/**
|
||||
* Log the Login of an user into a logFile
|
||||
*
|
||||
|
||||