diff --git a/app/pages/login.php b/app/pages/login.php
index 7320e75..271051b 100644
--- a/app/pages/login.php
+++ b/app/pages/login.php
@@ -22,49 +22,53 @@ try {
 $dbWeb = connectDB($config);
 if ( $_SERVER['REQUEST_METHOD'] == 'POST' ) {
- $username = $_POST['username'];
- $password = $_POST['password'];
+ try {
+ $username = $_POST['username'];
+ $password = $_POST['password'];
- // login successful
- if ( $userObject->login($username, $password) ) {
- // if remember_me is checked, max out the session
- if (isset($_POST['remember_me'])) {
- // 30*24*60*60 = 30 days
- $cookie_lifetime = 30 * 24 * 60 * 60;
- $setcookie_lifetime = time() + 30 * 24 * 60 * 60;
- $gc_maxlifetime = 30 * 24 * 60 * 60;
+ // login successful
+ if ( $userObject->login($username, $password) ) {
+ // if remember_me is checked, max out the session
+ if (isset($_POST['remember_me'])) {
+ // 30*24*60*60 = 30 days
+ $cookie_lifetime = 30 * 24 * 60 * 60;
+ $setcookie_lifetime = time() + 30 * 24 * 60 * 60;
+ $gc_maxlifetime = 30 * 24 * 60 * 60;
+ } else {
+ // 0 - session end on browser close
+ // 1440 - 24 minutes (default)
+ $cookie_lifetime = 0;
+ $setcookie_lifetime = 0;
+ $gc_maxlifetime = 1440;
+ }
+
+ // set session lifetime and cookies
+ setcookie('username', $username, [
+ 'expires' => $setcookie_lifetime,
+ 'path' => $config['folder'],
+ 'domain' => $config['domain'],
+ 'secure' => isset($_SERVER['HTTPS']),
+ 'httponly' => true,
+ 'samesite' => 'Strict'
+ ]);
+
+ // redirect to index
+ $_SESSION['notice'] = "Login successful";
+ $user_id = $userObject->getUserId($username)[0]['id'];
+ $logObject->insertLog($user_id, "Login: User \"$username\" logged in. IP: $user_IP", 'user');
+ header('Location: ' . htmlspecialchars($app_root));
+ exit();
+
+ // login failed
 } else {
- // 0 - session end on browser close
- // 1440 - 24 minutes (default)
- $cookie_lifetime = 0;
- $setcookie_lifetime = 0;
- $gc_maxlifetime = 1440;
+ $_SESSION['error'] = "Login failed.";
+ $user_id = $userObject->getUserId($username)[0]['id'];
+ $logObject->insertLog($user_id, "Login: Failed login attempt for user \"$username\". 
IP: $user_IP", 'user');
+ header('Location: ' . htmlspecialchars($app_root));
+ exit();
 }
-
- // set session lifetime and cookies
- setcookie('username', $username, [
- 'expires' => $setcookie_lifetime,
- 'path' => $config['folder'],
- 'domain' => $config['domain'],
- 'secure' => isset($_SERVER['HTTPS']),
- 'httponly' => true,
- 'samesite' => 'Strict'
- ]);
-
- // redirect to index
- $_SESSION['notice'] = "Login successful";
- $user_id = $userObject->getUserId($username)[0]['id'];
- $logObject->insertLog($user_id, "Login: User \"$username\" logged in. IP: $user_IP", 'user');
- header('Location: ' . htmlspecialchars($app_root));
- exit();
-
- // login failed
- } else {
- $_SESSION['error'] = "Login failed.";
- $user_id = $userObject->getUserId($username)[0]['id'];
- $logObject->insertLog($user_id, "Login: Failed login attempt for user \"$username\". IP: $user_IP", 'user');
- header('Location: ' . htmlspecialchars($app_root));
- exit();
+ } catch (Exception $e) {
+ $error = $e->getMessage();
 }
 }
 } catch (Exception $e) {
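Review bot: The successful-login branch (`if ( $userObject->login($username, $password) )`) never calls `session_regenerate_id(true);` before it writes `$_SESSION['notice']` and redirects, so the session ID the visitor held before authenticating is kept after it; making that call the first statement of the branch is the usual fix. The `remember_me` block still only computes `$cookie_lifetime` and `$gc_maxlifetime` and then reaches `exit()` without handing them to `session_set_cookie_params()` or `ini_set('session.gc_maxlifetime', ...)`, so as far as this hunk shows the session lifetime is unchanged and only the separate `username` cookie is affected, which contradicts the "max out the session" comment. The new inner `try` also does not turn the `$_POST['username']`/`$_POST['password']` reads into caught failures (a missing key yields a warning and `null`, not an Exception), nor the `getUserId($username)[0]['id']` lookup in the failed branch, which for an unknown username presumably yields a `null` `$user_id` rather than a caught error; `$username = $_POST['username'] ?? '';` and `$password = $_POST['password'] ?? '';` would be the minimal guard. Last, the added `catch (Exception $e)` stores the message in `$error` and lets the page continue rendering without writing anything through `$logObject`, so failures inside the login path never reach the audit log the rest of the hunk feeds.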