path: root/web/user_login.php
<?php
require_once('common.php');

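// Login endpoint: checks the POSTed username/password against the "user"
// table and, on success, sets the 'userid' and 'usersec' cookies.
// Response body is 'S' on success and 'Eerror' on every failure; using one
// message for all failures avoids telling the caller which check rejected
// the request.

// Missing parameters are treated as empty strings so they fall through to
// the normal rejection path instead of raising an undefined-index notice.
$username = isset($_POST['username']) ? $_POST['username'] : '';
$password = isset($_POST['password']) ? $_POST['password'] : '';

// PHP turns "username[]=x" into an array; strlen()/hash() on an array raise
// warnings or a TypeError depending on the PHP version, so reject early.
if(!is_string($username) || !is_string($password)){
    exit('Eerror');
}

// Username: non-empty, at most 16 bytes, and free of any character that
// pg_escape_string() would alter (quotes/backslashes). This acts as a
// character filter only; the query below is parameterized.
// NOTE(review): calling pg_escape_string() without a connection argument is
// deprecated as of PHP 8.1 - consider an explicit allow-list pattern instead.
if($username === '' || strlen($username) > 16 || $username !== pg_escape_string($username)){
    exit('Eerror');
}
// Password: non-empty, bounded so the hash input size stays small.
if($password === '' || strlen($password) > 128){
    exit('Eerror');
}

$sqlc = pg_connect('host=localhost port=5432 dbname='.DB_NAME.' user='.DB_USER.' password='.DB_PASSWORD);
if($sqlc === false){
    // Database unreachable: fail closed with the generic error.
    exit('Eerror');
}

// No escaping here: pg_query_params() sends values out-of-band, and the
// validation above already guarantees escaping would not change $username.
// NOTE(review): passwords are stored as a single unsalted SHA-512 digest,
// which is fast to brute-force if the table leaks. Moving to
// password_hash()/password_verify() requires migrating the stored values,
// so it cannot be done in this file alone.
$password = hash('sha512',$password);
$sqlr = pg_query_params($sqlc,'SELECT "userid" FROM "user" WHERE "username"=$1 AND "password"=$2 LIMIT 1;',
        array($username,$password));
if($sqlr === false){
    // Query failed; do not pass a non-result to pg_fetch_object().
    pg_close($sqlc);
    exit('Eerror');
}

// pg_fetch_object() returns false when no row matched the credentials.
$sqlo = pg_fetch_object($sqlr);
pg_free_result($sqlr);
pg_close($sqlc);
if($sqlo === false){
    exit('Eerror');
}
$userid = $sqlo->userid;

// Both cookies live for one year (31536000 seconds).
// NOTE(review): 'usersec' is derived only from the user id and SEC_SALT, so
// it is identical on every login and cannot be revoked per session; a random
// per-session token stored server-side (or hash_hmac() over a session value)
// would be sturdier. The format is kept as-is because the code that verifies
// this cookie is not visible here.
// NOTE(review): the cookies are set without the HttpOnly, Secure or SameSite
// attributes - confirm whether client-side script needs to read them before
// tightening.
setcookie('userid',$userid,time() + 31536000);
setcookie('usersec',hash('sha512',$userid.SEC_SALT),time() + 31536000);
echo 'S';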
?>