<?php
if ($_SERVER["REQUEST_METHOD"] == "GET") {
exit(file_get_contents("templates/login.html"));
}
// The request isn't GET, so it's probably POST.
utils::require_params($_POST, ["username", "password"], "POST");
if (usertils::check_credentials($_POST["username"], $_POST["password"])) {
env::$username = $_POST["username"];
env::$role = usertils::get_user($_POST["username"])["roles"];
http_response_code(302);
// temporary redirect
header("location: index.php?action=list&login=success");
// todo set an *appropriate* cookie here
// todo output a nice login success page here?
exit;
}
// The login failed!
http_response_code(401);
// todo output a nice login failed page here.
header("content-type: text/plain");
exit("Login failed.");
<?php
if (isset($_COOKIE["{$settings->cookie_prefix}-user"]) && isset($_COOKIE["{$settings->cookie_prefix}-session-key"])) {
// The requester has attached a session key, we should probably take a look at it.
if (sessions::lookup($_COOKIE["{$settings->cookie_prefix}-user"], $_COOKIE["{$settings->cookie_prefix}-session-key"])) {
// The user's key was valid! Update the environment to reflect the user.
env::$username = $_COOKIE["{$settings->cookie_prefix}-user"];
env::$key = $_COOKIE["{$settings->cookie_prefix}-session-key"];
env::$role = intval(usertils::get_user(env::$username)["roles"]);
}
}
