connect.php
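<?php
/*
 * Login gate.
 *
 * Reads $sSessionName, $databaselocation, $telbaseuser, $telbasepass,
 * $telbasename, $lang and $skin, and calls vconnect(), extraire(), intab()
 * and H(); none of these are defined in this file, so the including script
 * must provide them.
 *
 * Outcome: either $uid holds the authenticated user name taken from the
 * session, or the login form is printed and the script stops.
 */

// Open the application's named session unless that name is already active.
if (session_name() != $sSessionName) {
    session_name($sSessionName);
    session_start();
}

// NOTE(review): the login POST carries no CSRF token. Add one (generated into
// the session, embedded in the form, compared on submit) before relying on
// this form in production.
if (!isset($_SESSION['uid'])) {
    $errorstring = "";

    // `!FILTER_FLAG_NO_ENCODE_QUOTES` evaluates to false, i.e. flags = 0, so
    // FILTER_SANITIZE_STRING strips tags and encodes quotes. The filter is
    // deprecated since PHP 8.1 and is an HTML-oriented sanitiser, not an SQL
    // one. It is kept unchanged so stored user names and password hashes keep
    // matching - presumably accounts were created from the same filtered
    // values; confirm before replacing it.
    $username = (isset($_POST['username'])) ? filter_var(trim($_POST['username']), FILTER_SANITIZE_STRING, !FILTER_FLAG_NO_ENCODE_QUOTES) : "";
    $password = (isset($_POST['password'])) ? filter_var(trim($_POST['password']), FILTER_SANITIZE_STRING, !FILTER_FLAG_NO_ENCODE_QUOTES) : "";

    if ($username && $password) {
        $telconnect = vconnect($databaselocation, $telbaseuser, $telbasepass, $telbasename);

        // NOTE(review): the query is built by string interpolation and its only
        // protection is the HTML filter above. Replace it with a prepared
        // statement / bound parameter once the database API behind vconnect()
        // and extraire() is confirmed.
        $requete = "SELECT * FROM users WHERE username='{$username}';";
        $resultat = extraire($telconnect, $requete);
        $resultat = intab($resultat);

        // The var_dump() debug output that used to sit here has been removed:
        // it printed the stored password hash and the hash of the submitted
        // password into the HTTP response on every login attempt.

        if (isset($resultat['password'][0]) && $resultat['password'][0]) {
            // hash_equals() compares in constant time and never applies the
            // numeric-string coercion that `==` performs on digests that look
            // like numbers (for example "0e...").
            // NOTE(review): stored passwords are unsalted SHA-256 digests.
            // Moving to password_hash()/password_verify() needs a migration of
            // the users table and is therefore not done here.
            if (hash_equals((string) $resultat['password'][0], hash("sha256", $password))) {
                // Issue a fresh session id on privilege change so an id known
                // before login cannot be reused afterwards (session fixation).
                if (session_id() !== '') {
                    session_regenerate_id(true);
                }
                $_SESSION['uid'] = $resultat['username'][0];
            } else {
                $errorstring = H(${$lang}['cnx-invalid']);
            }
        } else {
            // Same message for "unknown user" and "wrong password", so the
            // response does not reveal which user names exist.
            $errorstring = H(${$lang}['cnx-invalid']);
        }
    }

    if (!isset($_SESSION['uid'])) {
        // Not authenticated: print the login page and stop the including script.
        $top = "<!DOCTYPE html>";
        $top .= "<html><head> <meta http-equiv='Content-Type' content='text/html; charset=iso-8859-1'>\n"
            . "<title>TelSurvey</title>\n"
            . "<link rel='icon' type='image/png' href='images/favicon2.png'>\n"
            . "<link href='css/ls.css' rel='stylesheet' type='text/css'>\n"
            . "<link href='css/ls_" . $skin . ".css' rel='stylesheet' type='text/css'>\n"
            . "</head><body>\n";
        $top .= "<div id='tout'>\n";
        if ($errorstring) {
            $top .= "<p class='error'>{$errorstring}</p>";
        }
        // $username is echoed back into the value attribute; it has been
        // through FILTER_SANITIZE_STRING with quote encoding (see above).
        $top .= "<form name='loginform' id='loginform' method='post' action='index.php' >"
            . "<ul class='form'>"
            . "<li><label for='username'>" . H(${$lang}['cnx-username']) . "</label><input type='text' name='username' id='username' value='{$username}'></li>\n"
            . "<li><label for='password'>" . H(${$lang}['cnx-password']) . "</label><input type='password' name='password' id='password' value=''></li>\n"
            . "</ul>"
            . "<p class='button'><input type='submit' class='btn' value='" . H(${$lang}['cnx-login']) . "'></p>"
            . "</form>";
        $top .= "</div>\n";
        $top .= "<div class='dvpby'>\n";
        $top .= "TelSurvey - <a href='http://telsurvey.univ-lemans.fr'>http://telsurvey.univ-lemans.fr</a> - DSI Universite du Maine";
        $top .= "</div>";
        $top .= "</body></html>";
        echo $top;
        die();
    }
}

// Reached only with an authenticated session: either it already existed or
// the login above has just succeeded.
$uid = $_SESSION['uid'];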