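<?php
/**
 * Login page: authenticates a user by email and password and marks the
 * session as logged in, or renders the login form.
 *
 * All session and redirect handling runs before any HTML is emitted, because
 * header() and session_regenerate_id() cannot take effect once output has
 * started.
 *
 * $db, $subscript and $appname are not defined in this file; presumably they
 * come from inc/config.php -- confirm.
 */
session_start();
include 'inc/checker.php';
include 'inc/config.php';

// Message shown under the form after a failed attempt (empty on first view).
$loginerror = '';

// empty() gives the same loose test as before without raising notices when
// the session keys have not been set yet.
if (!empty($_SESSION['polllog']) && !empty($_SESSION['polluserid'])) {
    header("refresh:0;url=index.php");
    echo "Already logged in.";
    exit();
}

// Only handle a real form submission; reject array-valued fields so the
// escape helper always receives strings.
if (isset($_POST['submit'], $_POST['email'], $_POST['password'])
    && is_string($_POST['email']) && is_string($_POST['password'])) {
    $email = $db->escape($_POST['email']);
    // NOTE(review): the password is escaped before it is hashed. That is kept
    // because stored hashes were presumably produced the same way -- confirm
    // against the registration code before changing it.
    $password = $db->escape($_POST['password']);

    if ($email && $password) {
        // NOTE(review): queries are string-built and rely entirely on
        // $db->escape(); switch to prepared statements if the DB wrapper
        // offers them.
        $lookup = "SELECT * FROM ".$subscript."users WHERE email='".$email."'";
        $authenticated = false;

        if ($db->numrows($db->query($lookup)) == 1) {
            $user = $db->fetch($db->query($lookup));
            // NOTE(review): md5(crypt()) is a legacy scheme. Moving to
            // password_hash()/password_verify() needs a rehash-on-login
            // migration that also touches registration and password reset.
            $hash = md5(crypt($password, $user['salt']));
            $authenticated = $db->numrows($db->query($lookup." AND password='".$hash."'")) == 1;
        }

        if ($authenticated) {
            // Issue a fresh session id on privilege change so an id planted
            // before login cannot be reused afterwards (session fixation).
            session_regenerate_id(true);
            $_SESSION['polllog'] = true;
            $_SESSION['polluserid'] = $user['id'];
            if ($user['isadmin'] == 1) {
                $_SESSION['polladmin'] = true;
            } else {
                // Drop any admin flag left over from an earlier login in
                // this session.
                unset($_SESSION['polladmin']);
            }
            header("refresh:0;url=index.php");
            exit();
        }

        // One message for both "unknown email" and "wrong password", so the
        // form does not reveal which addresses are registered.
        // NOTE(review): nothing here throttles repeated failed attempts.
        $loginerror = "Wrong Credentials.";
    }
}
?>
<!DOCTYPE html>
<html>
<head>
<title><?php echo $appname." - "; ?>Login</title>
<?php include 'inc/styles.html'; ?>
</head>
<body class="installset">
<main style="padding: 0px;">
<?php include 'header.php'; ?>
<div style="padding: 30px;" align="center">
<!-- LOGIN FORM -->
<form action="" method="POST" id='installform'>
<h2>Login</h2>
<input type="email" name="email" placeholder="Email Address" required="true" autocomplete="false" /><br><br>
<input type="password" name="password" placeholder="Password" required="true" autocomplete="false"/>
<br><br>
<div align="center">
<button type="submit" name="submit" class="submitbutton">LOGIN</button>
</div>
<br>
<a style='font-size: 12.5px;' href='forgotpass.php'>Forgot Your Password?</a>
</form>
<?php
if ($loginerror !== '') {
    // $loginerror is a fixed string set above, never user input.
    echo "<br><br><span style='color: #ffffff;'>".$loginerror."</span>";
}
?>
</div>
</main>
<?php include 'footer.php'; ?>
</body>
</html>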