//login.php<?phpsession_start();$errors = array();include("server.php");

1. //login.php
2. <?php
3. session_start();
4. $errors = array();
5. include("server.php");
6.  
7. if(isset($_POST["log_user"])){
8. $username = $_POST['username'];
9. $password = $_POST['password'];
10. }
11.  
12. if(empty($username)){
13. array_push($errors, "Il nome utente utente è richiesto");}
14. if(empty($password)){
15. array_push($errors, "La password è richiesta");
16. }
17.  
18. if(count($errors) == 0){
19. $stam = $conn -> prepare("Select user, pwd from funzionari WHERE user = :user AND pwd = :pwd");
20. $stam -> bindParam(":user", $username, PDO::PARAM_STRING);
21. $stam -> bindParam(":pwd", sha1($password), PDO::PARAM_STRING);
22.  
23. if($stam->exec()){
24. $token = sha1(uniqid($username));
25. $_SESSION['id'] = $token;
26. $url = "caffetime.altervista.org/dashboard.php";
27. $variabili = array(
28. 'username' => $username,
29. 'token' => $token
30. );
31. $build = http_build_query($variabili);
32. $ch = curl_init();
33.  
34. // set the url, number of POST vars, POST data
35. curl_setopt($ch, CURLOPT_URL, $url);
36. curl_setopt($ch, CURLOPT_POST, count($variabili));
37. curl_setopt($ch, CURLOPT_POSTFIELDS, $build);
38.  
39. // execute post
40. $result = curl_exec($ch);
41.  
42. // close connection
43. curl_close($ch);
44.  
45. header('Location: http://caffetime.altervista.org/dashboard.php');
46. }else{
47. array_push($errors, "login fallito, controlla l'username e la password");
48. header('errors.php');
49. }
50. }else{
51. header('errors.php');
52. }
53.  
54. ?>
55.  
56. //dashboard.php
57. <?php
58. session_start();
59. if($_SESSION['id'] == $_POST['token']){
60. echo ("benvenuto/a, ".$_POST['username']);
61. }
62. ?>