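<?php
/*
 * Login page for the warehouse application (excerpt: the markup continues
 * after the password label).
 *
 * rememberMe() and Login() are not defined here; presumably they come from
 * autenticazione.php. TODO confirm.
 *
 * NOTE(review): no anti-CSRF token field is visible in the part of the form
 * shown here. Confirm one exists further down or is enforced inside Login().
 * NOTE(review): $error is not printed in the visible markup. Wherever it is
 * echoed it needs htmlspecialchars(), because it may carry request-derived text.
 */
require_once 'config.php';
require 'autenticazione.php';

// Return value is discarded here; only the call's side effects matter on this page.
rememberMe();

$error = '';
// Strict comparison: REQUEST_METHOD is always a string, so no type juggling is wanted.
if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    $error = Login($error);
}
?>
<!DOCTYPE html>
<html>
<head>
    <meta charset="utf-8">
    <meta name="author" content="Bachechi Andrea">
    <meta name="description" content="applicazione per la gestione di un magazzino">
    <link rel="stylesheet" type="text/css" href="ElemStyle.css">
    <link rel="stylesheet" type="text/css" href="logStyle.css">
    <title>Magazzino</title>
</head>
<body>
<div class="loginBox">
    <h2>Login</h2>
    <?php
    // PHP_SELF includes any client-supplied path info, so it must be escaped for the
    // attribute context. Flags and charset are explicit so the result does not depend
    // on the PHP version's defaults. The stray space after the URL has been removed.
    ?>
    <form id="autenticazione" action="<?php echo htmlspecialchars($_SERVER['PHP_SELF'], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8'); ?>" method="post">
        <label for="usr">Username:</label>
        <input type="text" name="usr" id="usr" required >
        <label for="pwd">Password:</label>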
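/*
 * Credential check, "remember me" restore and account lookup (excerpt).
 *
 * This fragment begins inside a block whose opening line is not part of the
 * excerpt; the lone closing brace after the login branch belongs to it.
 * $mysqli, $timestamp, $loggedIn, onLogin() and rememberMe() are defined elsewhere.
 *
 * Changes compared with the original text:
 *  - every query uses a prepared statement instead of string-built SQL;
 *  - the user id is read from the fetched row ($user), not from the mysqli_result
 *    object, which cannot be indexed like an array;
 *  - the session_history row is written only after a successful login, because it
 *    needs the matched user's id;
 *  - the session id is regenerated on login and the session stores the username
 *    from the database row instead of the raw POST value;
 *  - $account is never read while undefined.
 *
 * get_result() requires the mysqlnd driver.
 */
$postedUsername = $_POST['login_username'] ?? '';
$postedPassword = $_POST['login_password'] ?? '';
// Array-valued fields (login_username[]=...) must not reach strip_tags()/hash().
$credentialsUsable = is_string($postedUsername) && is_string($postedPassword) && $postedUsername !== '';

$username = $credentialsUsable ? strip_tags($postedUsername) : '';
// NOTE(review): unsalted SHA-256 is a fast hash and unsuitable for password storage.
// It is kept only so existing stored hashes still match; migrate to password_hash() /
// password_verify() and re-hash each account on its next successful login.
$password = $credentialsUsable ? hash("sha256", $postedPassword) : '';

// Check for a record that matches the POSTed credentials.
// The original query text is redacted in the source; it is assumed to compare the
// username and password columns with the two values computed above. TODO confirm.
$user = null;
if ($credentialsUsable) {
    $stmt = $mysqli->prepare('SELECT * FROM users WHERE username = ? AND password = ?');
    if ($stmt !== false) {
        $stmt->bind_param('ss', $username, $password);
        if ($stmt->execute()) {
            $result = $stmt->get_result();
            if ($result !== false && $result->num_rows === 1) {
                $user = $result->fetch_assoc();
            }
        }
        $stmt->close();
    }
}

if ($user !== null && (int) $user['active'] === 1) {
    // New session id on privilege change, so a pre-login id cannot be reused.
    if (session_status() === PHP_SESSION_ACTIVE) {
        session_regenerate_id(true);
    }
    $_SESSION['user'] = $user['username'];

    if (isset($_POST['stay-logged']) || isset($_POST['stay-logged-full'])) {
        onLogin($user['id']);
    }

    $history = $mysqli->prepare("INSERT INTO session_history VALUES (?, 'login', ?)");
    if ($history !== false) {
        $userId = (int) $user['id'];
        $loginTime = (string) $timestamp;
        $history->bind_param('is', $userId, $loginTime);
        $history->execute();
        $history->close();
    }
}
} // closes the enclosing block opened before this excerpt

// Restore the session from a persistent-login token, if rememberMe() yields a user id.
$remembered = rememberMe();
if ($remembered) {
    $byId = $mysqli->prepare('SELECT * FROM users WHERE id = ?');
    if ($byId !== false) {
        $rememberedId = (int) $remembered;
        $byId->bind_param('i', $rememberedId);
        if ($byId->execute()) {
            $rows = $byId->get_result();
            $account = $rows !== false ? $rows->fetch_assoc() : null;
        }
        $byId->close();
    }
    if (!empty($account)) {
        $_SESSION['user'] = $account['username'];
        $_SESSION['fbId'] = $account['fb_id'];
    }
}

if ($loggedIn) {
    $fb = isset($_SESSION['fbId']);
    $user = isset($_SESSION['user']);
    // Only the column name is chosen here, from two fixed literals; the value is bound.
    // The username branch is partly redacted in the source and is assumed to compare
    // against $_SESSION['user']. TODO confirm.
    $dbAccountFinder = $fb ? 'fb_id = ?' : 'username = ?';
    $accountQuery = "SELECT * FROM users WHERE {$dbAccountFinder}";
    if (empty($account)) {
        $needle = (string) ($fb ? $_SESSION['fbId'] : ($_SESSION['user'] ?? ''));
        $lookup = $mysqli->prepare($accountQuery);
        if ($lookup !== false) {
            $lookup->bind_param('s', $needle);
            if ($lookup->execute()) {
                $found = $lookup->get_result();
                $account = $found !== false ? $found->fetch_assoc() : null;
            }
            $lookup->close();
        }
    }
}

// NOTE(review): admin rights hang on one hard-coded user id. A role or permission
// column on the users table would be easier to audit and to revoke.
$admin = $loggedIn && isset($account['id']) && (int) $account['id'] === 21;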