forked from evilc0des/hostellot.github.io
/
login.php
93 lines (72 loc) · 1.89 KB
/
login.php
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
<?php
//Output will be in xml
header('Content-Type: text/xml');
$status = 'OK';
require 'core.inc.php';
require 'connect.inc.php';
if(isset($_GET['checkLogin'])){
if(loggedin())
{
$status = 'LOGGED_IN';
$user=getuser();
}
else {
$status = 'LOGGED_OUT';
}
}
if(isset($_POST['username'])&&isset($_POST['password'])){
$username = $_POST['username'];
$password = $_POST['password'];
$remember = isset($_POST['remember']);
//$password_hash = md5($password);password_hash($password, PASSWORD_DEFAULT)
if(!empty($username)&&!empty($password)){
$query = "SELECT * FROM users WHERE username = '".$conn->real_escape_string($username)."'";
$result = $conn->query($query);
if($result->num_rows==0){
$status = 'INVALID';
}elseif ($result->num_rows>0) {
$row = $result->fetch_assoc();
if($row){
$password_hash= $row['password'];
if(password_verify($password,$password_hash))
{
if($remember){
$_SESSION['username']=$row['username'];
}
$user=getuser();
$status = 'LOGGED_IN';
}
else {
$status = 'FAILED';
}
}
}
}
else {
$status = 'BLANK';
}
}
// create the new XML document
$dom = new DOMDocument();
// create the root <response> element
$response = $dom->createElement('response');
$dom->appendChild($response);
$stat = $dom->createElement('status');
$statText = $dom->createTextNode($status);
$stat->appendChild($statText);
$response->appendChild($stat);
if($status==='LOGGED_IN'){
$fname = $dom->createElement('firstname');
$fnameText = $dom->createTextNode($user['firstname']);
$fname->appendChild($fnameText);
$lname = $dom->createElement('lastname');
$lnameText = $dom->createTextNode($user['lastname']);
$lname->appendChild($lnameText);
$users = $dom->createElement('user');
$users->appendChild($fname);
$users->appendChild($lname);
$response->appendChild($users);
}
$xmlString = $dom->saveXML();
echo $xmlString;
?>