| <?php
require_once 'session.php';
require_once 'database.php';
require_once 'twig.php';
// A visitor who already holds a valid session has nothing to do on the login
// page: redirect to the user page and stop before any form handling runs.
if (Session::is_valid()) {
    header('Location: ./user');
    exit();
}
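// POST: Process form submission ===========================================
// Handles the two forms posted to this page: "login" and "new_account".
// On success each branch sets the session, redirects and exits; on failure
// it leaves a message in $feedback for the template rendered further down.
// NOTE(review): nothing in this handler checks an anti-CSRF token, and no
// limit on repeated attempts is visible here; confirm whether session.php or
// database.php cover either.
if ($_SERVER['REQUEST_METHOD'] === 'POST')
{
    $db = new Database();
    $db->connect ();

    // Process login request
    if (isset ($_POST['login']))
    {
        // Bad POST request! Both fields must be present and must be plain
        // strings: PHP turns "username[]=x" into an array, which would
        // otherwise be handed to the database layer unchecked.
        if (!isset ($_POST['username'], $_POST['password'])
            || !is_string ($_POST['username'])
            || !is_string ($_POST['password']))
        {
            http_response_code (400);
            exit ();
        }

        $username = $_POST['username'];
        $password = $_POST['password'];

        // Check username/password
        // NOTE(review): the password is passed on as received; verification
        // against a stored hash presumably happens inside
        // check_user_credentials - confirm in database.php.
        $user = $db->check_user_credentials ($username, $password);

        // Does the user exist? (empty() is also true for NULL.) The message
        // is the same for an unknown name and a wrong password.
        if (empty ($user))
        {
            $feedback = 'Bad login!';
        } else {
            // Set session
            // NOTE(review): confirm that Session::set issues a fresh session
            // id on login; this file does not show it.
            Session::set ($user);

            // The remember_me token is a long-lived credential, so it should
            // not travel over plain HTTP. Mark the cookie Secure whenever
            // this request itself arrived over HTTPS; on a plain-HTTP request
            // the cookie is set as before, so login keeps working there.
            // NOTE(review): behind a TLS-terminating proxy $_SERVER['HTTPS']
            // may be unset. If the site is HTTPS-only, pass true directly.
            $is_https = !empty ($_SERVER['HTTPS'])
                && strtolower ($_SERVER['HTTPS']) !== 'off';

            // Add "remember_me" cookie with secret token (30 days)
            $token = $db->set_remember_me ($user['id']);

            setcookie (
                'remember_me',      // name
                $token,             // value
                time()+60*60*24*30, // expire (30 days)
                '/',                // path
                'freepo.st',        // domain
                $is_https,          // secure (clients send cookie only through HTTPS)
                true);              // httponly (no javascript)

            // After login, redirect to homepage
            header ('Location: ./');
            exit ();
        }
    }

    // Process new account request
    if (isset ($_POST['new_account']))
    {
        // Bad POST request! Same presence and type check as for login;
        // without it trim() below would be called on an array.
        if (!isset ($_POST['username'], $_POST['password'])
            || !is_string ($_POST['username'])
            || !is_string ($_POST['password']))
        {
            http_response_code (400);
            exit ();
        }

        // Error to display if can't create new user
        $feedback = NULL;

        // Surrounding whitespace is not part of the name
        $username = trim ($_POST['username']);
        $password = $_POST['password'];

        // Username empty or already taken (both get the same message)
        if ($username === '' || $db->user_exists ($username))
            $feedback = 'Name taken, please choose another.';

        // Password too short. strlen() counts bytes, not characters.
        if (!$feedback && strlen ($password) < 8)
            $feedback = 'Password too short';

        if (!$feedback)
        {
            // Username OK, Password OK: create new user
            // NOTE(review): the password is passed on as received; hashing
            // presumably happens inside new_user - confirm in database.php.
            $user = $db->new_user ($username, $password);

            // Something bad happened...
            if (empty ($user))
                $feedback = 'An error has occurred, please try again.';

            if (!$feedback)
            {
                // Everything fine, login user and redirect
                Session::set ($user);

                header ('Location: ./user');
                exit ();
            }
        }
    }
}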
// GET (or a POST that did not end in a redirect): show the login form ========
// $feedback is only set by the POST handler above, always to one of its fixed
// messages; when it was never set the template receives an empty string.
$template_vars = array(
    'title' => 'Login',
    'feedback' => isset($feedback) ? $feedback : '',
);

echo $twig->render('login.twig', $template_vars);