<?php

if (!isset($_POST['username']) || !isset($_POST['password'])) {
    header('Location: login.php?msg=Invalid');
    exit;
}
$username = $_POST['username'];
$password = $_POST['password'];
include '../lib/db.php';
include '../lib/admindb.php';
init_db();
// todo: dont store plaintext passwords!
$stmt = $_DB->prepare("SELECT id FROM admins WHERE username=? AND password=?");
$stmt->bind_param('ss', $username, $password);
$stmt->execute();
$results = $stmt->get_result();
if ($results->num_rows != 1) {
    header('Location: login.php?msg=Bad+Login');
    exit;
}
$row = $results->fetch_array(MYSQLI_NUM);
$userid = $row[0];
$adminsid = get_random_string_len(16);
$stmt = $_DB->prepare("INSERT INTO adminsessions (id, userid) VALUES (?, ?)");
$stmt->bind_param('si', $adminsid, $userid);
$stmt->execute();
setcookie('adminsid', $adminsid, time() + 3600 * 24 * 365);
// expire in a year
header('Location: index.php');
Exemplo n.º 2
0
function addAdoptedStop($userid, $stopname, $stopid, $agency)
{
    global $_DB;
    $stmt = $_DB->prepare("SELECT 1 FROM users WHERE id=?");
    $stmt->bind_param('i', $userid);
    $stmt->execute();
    $results = $stmt->get_result();
    if ($results->num_rows != 1) {
        return 'nouserid';
    }
    $stmt = $_DB->prepare("SELECT 1 FROM adoptedstops WHERE userid=? AND stopid=? AND agency=?");
    $stmt->bind_param('iss', $userid, $stopid, $agency);
    $stmt->execute();
    $results = $stmt->get_result();
    if ($results->num_rows > 0) {
        return TRUE;
    }
    if (is_null($stopid) && !is_null($agency)) {
        return 'stopid_agency_mismatch';
    }
    if (!is_null($stopid) && is_null($agency)) {
        return 'stopid_agency_mismatch';
    }
    $id = get_random_string_len(8);
    $adoptedtime = dateTimeToDb(new DateTime());
    $stmt = $_DB->prepare("INSERT INTO adoptedstops (id, userid, adoptedtime, stopname, stopid, agency) " . "VALUES (?,?,?,?,?,?)");
    $stmt->bind_param('sissss', $id, $userid, $adoptedtime, $stopname, $stopid, $agency);
    $result = $stmt->execute();
    return $result;
}