<?php
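// Database connection settings.
// NOTE(review): credentials in source are a liability; read them from the
// environment or a config file outside the web root instead. The 'pass' and
// 'db' values ('database' / 'password') also look swapped — confirm against
// the real deployment before relying on this file.
$database['host'] = '127.0.0.1';
$database['user'] = 'user';
$database['pass'] = 'database';
$database['db'] = 'password';

// $DBH is the shared PDO handle used by login(). It stays null when the
// connection fails so callers can detect that instead of dereferencing an
// undefined variable.
$DBH = null;
try {
    $DBH = new PDO(
        "mysql:host={$database['host']};dbname={$database['db']}",
        $database['user'],
        $database['pass'],
        [
            // Make a failed prepare()/execute() throw instead of returning
            // false, which the calling code would otherwise call methods on.
            PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION,
            // Real server-side prepared statements: bound values are never
            // spliced into the SQL text client-side.
            PDO::ATTR_EMULATE_PREPARES => false,
        ]
    );
} catch (PDOException $e) {
    // Keep the driver message for logging/error handling; it must not be
    // echoed to the client as-is.
    $error['db-link'] = $e->getMessage();
}
// Must run before any output (login_form() prints HTML). Consider
// session.cookie_httponly / session.cookie_secure in php.ini so the session
// cookie is not readable by scripts or sent over plain HTTP.
session_start();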
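/**
 * Works out the authentication state of the current request.
 *
 * Checks, in order:
 *   1. an existing session (username + stored password digest), which is
 *      re-validated against the accounts table on every call;
 *   2. a submitted login form (username + password), which on success is
 *      copied into the session;
 *   3. nothing to authenticate.
 *
 * Relies on the module-level PDO handle $DBH.
 *
 * @return string 'logged'     credentials accepted
 *                'attack'     session credentials no longer match any row
 *                'notcorrect' form credentials rejected
 *                'nologin'    no (or incomplete) credentials supplied
 * @throws RuntimeException when $DBH is not a usable PDO connection or the
 *                          statement cannot be prepared
 * @throws PDOException     when the query fails and the handle is in
 *                          exception error mode
 */
function login()
{
    global $DBH;

    $sessionUser = isset($_SESSION['username']) ? $_SESSION['username'] : null;
    $sessionHash = isset($_SESSION['password']) ? $_SESSION['password'] : null;
    // Form fields can arrive as arrays (name="username[]"); only accept strings
    // so they can be bound as scalar parameters.
    $formUser = isset($_POST['username']) && is_string($_POST['username']) ? $_POST['username'] : null;
    $formPass = isset($_POST['password']) && is_string($_POST['password']) ? $_POST['password'] : null;

    $hasSession = $sessionUser !== null && $sessionHash !== null;
    $hasForm = $formUser !== null && $formPass !== null;

    // Nothing usable. This also covers a half-filled form, which previously
    // fell through every branch and returned null.
    if (!$hasSession && !$hasForm) {
        return 'nologin';
    }

    if (!$DBH instanceof PDO) {
        throw new RuntimeException('Database connection is not available');
    }

    $STH = $DBH->prepare('SELECT username, password FROM accounts WHERE username = ? AND password = ?');
    if ($STH === false) {
        throw new RuntimeException('Could not prepare the login query');
    }

    if ($hasSession) {
        $STH->execute([$sessionUser, $sessionHash]);
        // fetch() is false when no row matched. The old `fetchColumn() == 0`
        // test compared the username string against 0, which is not a row
        // count (and the variable was misspelled as $TH).
        return $STH->fetch(PDO::FETCH_ASSOC) === false ? 'attack' : 'logged';
    }

    // NOTE(review): md5 is a fast, unsalted digest, not a password hash. Kept
    // only because the accounts table is queried with the md5 digest; migrate
    // the stored values to password_hash()/password_verify().
    $digest = md5($formPass);
    $STH->execute([$formUser, $digest]);
    if ($STH->fetch(PDO::FETCH_ASSOC) === false) {
        return 'notcorrect';
    }

    // Privilege level changes here: issue a fresh session id so an id handed
    // out before login cannot be reused (session fixation).
    if (session_status() === PHP_SESSION_ACTIVE) {
        session_regenerate_id(true);
    }
    $_SESSION['username'] = $formUser;
    // The digest, not the clear-text password, is what later requests re-check.
    $_SESSION['password'] = $digest;
    return 'logged';
}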
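/**
 * Prints the login form.
 *
 * The form action is built from $config['url'] (presumably set by the
 * including script; the old body read $config inside the function, where it
 * was not in scope). The value is HTML-escaped because it is placed inside an
 * attribute.
 *
 * @return void
 */
function login_form()
{
    global $config;

    $base = isset($config['url']) ? $config['url'] : '';
    $action = htmlspecialchars($base . '/login', ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
?>
<form method="post" action="<?php echo $action; ?>" id="login">
<fieldset>
<legend>Login</legend>
<label>Username: <input type="text" name="username" required /></label>
<label>Password: <input type="password" name="password" required /></label>
<input type="submit" />
</fieldset>
</form>
<?php
}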
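/**
 * Module entry point: redirects authenticated users, otherwise shows the form.
 *
 * login() is evaluated exactly once (the old body called it up to four times,
 * each run re-querying the database) and compared against the strings it
 * actually returns — it returns 'logged', never 'login', so the redirect
 * branch could previously never fire.
 *
 * @return void
 */
function module_content()
{
    global $config;

    $state = login();

    if ($state === 'logged') {
        $base = isset($config['url']) ? $config['url'] : '';
        header('Location: ' . $base . '/dashboard');
        // Stop here; otherwise the rest of the page is still rendered and sent
        // along with the redirect.
        exit;
    }

    if ($state === 'notcorrect') {
?>
<p>Sorry, login not correct. Please, try again.</p>
<?php
    }

    // Every non-authenticated state ('notcorrect', 'attack', 'nologin') ends
    // on the form; 'attack' gets no hint, as before.
    login_form();
}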
// Render this module for the current request (redirect or login form).
module_content();
?>