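<?php
// Admin login handler: checks the posted credentials against the `admins`
// table, creates a row in `adminsessions`, and hands the session id back to
// the browser in the `adminsid` cookie.

// Both fields must be present and must be plain strings: PHP decodes
// `username[]=x` into an array, which mysqli bind_param cannot bind.
if (!isset($_POST['username'], $_POST['password'])
    || !is_string($_POST['username'])
    || !is_string($_POST['password'])
) {
    header('Location: login.php?msg=Invalid');
    exit;
}
$username = $_POST['username'];
$password = $_POST['password'];

include '../lib/db.php';
include '../lib/admindb.php';
init_db();

// todo: dont store plaintext passwords! The lookup below compares the
// submitted password with the stored column verbatim; switching to
// password_hash()/password_verify() needs the stored values migrated first.
$stmt = $_DB->prepare("SELECT id FROM admins WHERE username=? AND password=?");
$stmt->bind_param('ss', $username, $password);
$stmt->execute();
$results = $stmt->get_result();
// get_result() returns false when the statement failed; treat that as a
// failed login instead of dereferencing false.
if ($results === false || $results->num_rows !== 1) {
    header('Location: login.php?msg=Bad+Login');
    exit;
}
$row = $results->fetch_array(MYSQLI_NUM);
$userid = $row[0];

$adminsid = get_random_string_len(16);
$stmt = $_DB->prepare("INSERT INTO adminsessions (id, userid) VALUES (?, ?)");
$stmt->bind_param('si', $adminsid, $userid);
// Without a stored session row the cookie would name a session that does not
// exist, so do not hand it out when the INSERT fails.
if (!$stmt->execute()) {
    header('Location: login.php?msg=Bad+Login');
    exit;
}

// Session cookie: one-year lifetime and default path/domain as before,
// Secure when this request itself arrived over TLS, and HttpOnly so page
// scripts cannot read the session id.
$isHttps = isset($_SERVER['HTTPS']) && $_SERVER['HTTPS'] !== 'off';
setcookie('adminsid', $adminsid, time() + 3600 * 24 * 365, '', '', $isHttps, true);
header('Location: index.php');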
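/**
 * Records that $userid has adopted a stop.
 *
 * @param int         $userid   id of the adopting user; must exist in `users`
 * @param string      $stopname display name of the stop
 * @param string|null $stopid   agency-specific stop id, or null
 * @param string|null $agency   agency the stop id belongs to, or null
 *
 * @return bool|string TRUE when this user already adopted the stop,
 *                     'nouserid' or 'stopid_agency_mismatch' for rejected
 *                     input, otherwise the bool result of the INSERT
 */
function addAdoptedStop($userid, $stopname, $stopid, $agency)
{
    global $_DB;

    $stmt = $_DB->prepare("SELECT 1 FROM users WHERE id=?");
    $stmt->bind_param('i', $userid);
    $stmt->execute();
    $results = $stmt->get_result();
    // A failed lookup (get_result() === false) is treated like an unknown user.
    if ($results === false || $results->num_rows !== 1) {
        return 'nouserid';
    }

    // stopid and agency must be given together or not at all. This runs before
    // the duplicate lookup: with a NULL bound on either side that query's
    // `=` comparison never matches, so the outcome is unchanged and one
    // round-trip is saved.
    if (is_null($stopid) !== is_null($agency)) {
        return 'stopid_agency_mismatch';
    }

    $stmt = $_DB->prepare("SELECT 1 FROM adoptedstops WHERE userid=? AND stopid=? AND agency=?");
    $stmt->bind_param('iss', $userid, $stopid, $agency);
    $stmt->execute();
    $results = $stmt->get_result();
    if ($results !== false && $results->num_rows > 0) {
        return TRUE;
    }

    $id = get_random_string_len(8);
    $adoptedtime = dateTimeToDb(new DateTime());
    $stmt = $_DB->prepare(
        "INSERT INTO adoptedstops (id, userid, adoptedtime, stopname, stopid, agency) "
        . "VALUES (?,?,?,?,?,?)"
    );
    $stmt->bind_param('sissss', $id, $userid, $adoptedtime, $stopname, $stopid, $agency);
    return $stmt->execute();
}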