<?php
if (!isset($_POST['username']) || !isset($_POST['password'])) {
header('Location: login.php?msg=Invalid');
exit;
}
$username = $_POST['username'];
$password = $_POST['password'];
include '../lib/db.php';
include '../lib/admindb.php';
init_db();
// todo: dont store plaintext passwords!
$stmt = $_DB->prepare("SELECT id FROM admins WHERE username=? AND password=?");
$stmt->bind_param('ss', $username, $password);
$stmt->execute();
$results = $stmt->get_result();
if ($results->num_rows != 1) {
header('Location: login.php?msg=Bad+Login');
exit;
}
$row = $results->fetch_array(MYSQLI_NUM);
$userid = $row[0];
$adminsid = get_random_string_len(16);
$stmt = $_DB->prepare("INSERT INTO adminsessions (id, userid) VALUES (?, ?)");
$stmt->bind_param('si', $adminsid, $userid);
$stmt->execute();
setcookie('adminsid', $adminsid, time() + 3600 * 24 * 365);
// expire in a year
header('Location: index.php');
function addAdoptedStop($userid, $stopname, $stopid, $agency)
{
global $_DB;
$stmt = $_DB->prepare("SELECT 1 FROM users WHERE id=?");
$stmt->bind_param('i', $userid);
$stmt->execute();
$results = $stmt->get_result();
if ($results->num_rows != 1) {
return 'nouserid';
}
$stmt = $_DB->prepare("SELECT 1 FROM adoptedstops WHERE userid=? AND stopid=? AND agency=?");
$stmt->bind_param('iss', $userid, $stopid, $agency);
$stmt->execute();
$results = $stmt->get_result();
if ($results->num_rows > 0) {
return TRUE;
}
if (is_null($stopid) && !is_null($agency)) {
return 'stopid_agency_mismatch';
}
if (!is_null($stopid) && is_null($agency)) {
return 'stopid_agency_mismatch';
}
$id = get_random_string_len(8);
$adoptedtime = dateTimeToDb(new DateTime());
$stmt = $_DB->prepare("INSERT INTO adoptedstops (id, userid, adoptedtime, stopname, stopid, agency) " . "VALUES (?,?,?,?,?,?)");
$stmt->bind_param('sissss', $id, $userid, $adoptedtime, $stopname, $stopid, $agency);
$result = $stmt->execute();
return $result;
}
