2024-06-28 17:05:32 +00:00
|
|
|
<?php
|
|
|
|
|
|
|
|
require_once 'classes/database.php';
|
|
|
|
require 'classes/user.php';
|
2024-07-01 09:45:07 +00:00
|
|
|
|
|
|
|
// clear the global error var before login
|
2024-06-28 17:05:32 +00:00
|
|
|
unset($error);
|
|
|
|
|
|
|
|
try {
|
2024-07-01 09:45:07 +00:00
|
|
|
$db = new Database($config['database']);
|
2024-06-28 17:05:32 +00:00
|
|
|
$user = new User($db);
|
|
|
|
|
|
|
|
if ( $_SERVER['REQUEST_METHOD'] == 'POST' ) {
|
|
|
|
$username = $_POST['username'];
|
|
|
|
$password = $_POST['password'];
|
|
|
|
|
2024-06-30 07:49:51 +00:00
|
|
|
// login successful
|
2024-06-28 17:05:32 +00:00
|
|
|
if ( $user->login($username, $password) ) {
|
2024-06-30 07:49:51 +00:00
|
|
|
// if remember_me is checked, max out the session
|
|
|
|
if (isset($_POST['remember_me'])) {
|
|
|
|
// 30*24*60*60 = 30 days
|
2024-07-02 17:04:12 +00:00
|
|
|
$cookie_lifetime = 30 * 24 * 60 * 60;
|
2024-07-03 06:37:35 +00:00
|
|
|
$setcookie_lifetime = time() + 30 * 24 * 60 * 60;
|
2024-07-02 17:04:12 +00:00
|
|
|
$gc_maxlifetime = 30 * 24 * 60 * 60;
|
2024-06-30 07:49:51 +00:00
|
|
|
} else {
|
|
|
|
// 0 - session end on browser close
|
|
|
|
// 1440 - 24 minutes (default)
|
2024-07-02 17:04:12 +00:00
|
|
|
$cookie_lifetime = 0;
|
2024-07-03 06:37:35 +00:00
|
|
|
$setcookie_lifetime = 0;
|
2024-07-02 17:04:12 +00:00
|
|
|
$gc_maxlifetime = 1440;
|
2024-06-30 07:49:51 +00:00
|
|
|
}
|
|
|
|
|
2024-07-03 06:37:35 +00:00
|
|
|
// set session lifetime and cookies
|
2024-07-03 12:30:44 +00:00
|
|
|
// FIXME: need to set this before session start (otherwise we need the separate cookie)
|
|
|
|
// ini_set('session.gc_maxlifetime', $gc_maxlifetime);
|
|
|
|
// session_set_cookie_params([
|
|
|
|
// 'lifetime' => $setcookie_lifetime,
|
|
|
|
// 'samesite' => 'Strict',
|
|
|
|
// 'httponly' => true,
|
|
|
|
// 'secure' => isset($_SERVER['HTTPS']),
|
|
|
|
// 'domain' => $config['domain'],
|
|
|
|
// 'path' => $config['folder']
|
|
|
|
// ]);
|
|
|
|
// session_start();
|
|
|
|
// FIXME we use separate cookie, because the above won't work
|
2024-07-03 06:37:35 +00:00
|
|
|
setcookie('username', $username, [
|
|
|
|
'expires' => $setcookie_lifetime,
|
|
|
|
'path' => $config['folder'],
|
|
|
|
'domain' => $config['domain'],
|
|
|
|
'secure' => isset($_SERVER['HTTPS']),
|
|
|
|
'httponly' => true,
|
|
|
|
'samesite' => 'Strict'
|
|
|
|
]);
|
|
|
|
|
2024-06-30 07:49:51 +00:00
|
|
|
// redirect to index
|
2024-07-01 09:45:07 +00:00
|
|
|
$_SESSION['notice'] = "Login successful";
|
2024-06-28 17:05:32 +00:00
|
|
|
header('Location: index.php');
|
|
|
|
exit();
|
2024-06-30 07:49:51 +00:00
|
|
|
|
|
|
|
// login failed
|
2024-06-28 17:05:32 +00:00
|
|
|
} else {
|
2024-07-01 09:45:07 +00:00
|
|
|
$_SESSION['error'] = "Login failed.";
|
|
|
|
header('Location: index.php');
|
|
|
|
exit();
|
2024-06-28 17:05:32 +00:00
|
|
|
}
|
|
|
|
}
|
|
|
|
} catch (Exception $e) {
|
|
|
|
$error = $e->getMessage();
|
|
|
|
}
|
|
|
|
|
|
|
|
include 'templates/form-login.php';
|
|
|
|
|
|
|
|
?>
|