Exemple #1
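/*
 * This is the login form; it provides a secure way to access the application. It relies on the
 * cred.php file, which holds a hashed version of the password.
 *
 * NOTE(review): the check below hashes the submitted password with unsalted sha1() and compares the
 * hashes with `==`; password_hash()/password_verify() (or at least hash_equals()) is the appropriate
 * replacement. User records are loaded with unserialize(), so the users directory must only ever
 * contain files written by the application itself - confirm nothing user-controlled can land there.
 */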
$message = '';
if (!isset($_SESSION['UID']) || !isset($_SESSION['USER'])) {
    //If the form is submitted, then check the username and password
    if ($_SERVER['REQUEST_METHOD'] === 'POST') {
        if (isset($_POST['loginp']) && isset($_POST['loginu'])) {
            $u = $_POST['loginu'];
            $p = $_POST['loginp'];
            $p = sha1($p);
            //Unserialize all our users to check for a user with this name
            $io = new FileIO();
            $users = array();
            $userFiles = $io->getDirectoryFiles(Constants::GET_USERS_DIRECTORY());
            $cuser = new User('dummy1', 'dummy2');
            $userFound = false;
            foreach ($userFiles as $userFile) {
                $val = $io->readFile(Constants::GET_USERS_DIRECTORY() . '/' . $userFile);
                $cuser = unserialize($val);
                if ($cuser->getUsername() == $u) {
                    $userFound = true;
                    break;
                }
            }
            if ($userFound) {
                if ($cuser->getPassword() == $p) {
                    $_SESSION['UID'] = $cuser->getUsername();
                    $_SESSION['USER'] = $cuser;
                    header("Location: " . get_absolute_uri('index.php'));