added login thing

2014-08-18 15:30:09 +02:00 · 2014-08-18 15:30:09 +02:00 · 780651e8b3
commit 780651e8b3
parent 4a9bf1565d
4 changed files with 50 additions and 4 deletions
--- a/config.php
+++ b/config.php
@ -68,6 +68,10 @@ if (!isset($notemplate)) {
  $res = $sql->query("SELECT `value` FROM `config` WHERE `key` = \"sitename\";")->fetch_assoc();
  $site_name = htmlspecialchars($res['value']);
  
+  // user name
+  $res = $sql->query("SELECT `value` FROM `config` WHERE `key` = \"username\";")->fetch_assoc();
+  $user_name = htmlspecialchars($res['value']);
+  
  // the flash
  $message = null;
  if (isset($_SESSION['flash'])) {
@ -77,6 +81,7 @@ if (!isset($notemplate)) {
  
  $tpl->assign("logged_in", $_SESSION['logged_in']);
  $tpl->assign("site_name", $site_name);
+  $tpl->assign("user_name", $user_name);
  $tpl->assign("words_total", $words_total_count);
  $tpl->assign("inbox_count", $new_words_count);
  $tpl->assign("message", $message);
--- a/ucp.php
+++ b/ucp.php
@ -20,12 +20,47 @@

 include_once 'config.php';

+function check_privileges() {
+  if (!$_SESSION['logged_in']) {
+    $_SESSION['flash'] = "Log in to continue.";
+    header('Location: ucp.php?page=login');
+    exit();
+  }
+}
+
 switch ($_GET['page']) {
  case "login": {
+    if ($_SESSION['logged_in']) {
+      $_SESSION['flash'] = "You're already logged in.";
+      header('Location: ucp.php');
+      exit();
+    }
+    if (!isset($_POST['login'])) {
      $tpl->draw("login");
+    } else {
+      $res = $sql->query("SELECT `value` FROM `config` WHERE `key` = \"username\";")->fetch_assoc();
+      $username = $res['value'];
+      $res = $sql->query("SELECT `value` FROM `config` WHERE `key` = \"password\";")->fetch_assoc();
+      $password = $res['value'];
+      $post_pass = crypt($_POST['password'], $password);
+      if (($_POST['username'] === $username) && ($post_pass === $password)) {
+        // successful login
+        $_SESSION['logged_in'] = true;
+        $_SESSION['flash'] = "You are now logged in.";
+        header('Location: ucp.php');
+        exit();
+      } else {
+        // failed login
+        $_SESSION['flash'] = "Wrong user name or password";
+        header('Location: ucp.php?page=login');
+        exit();
+      }
+    }
    break;
  }
  case "logout": {
+    check_privileges();
+    
    session_destroy();
    session_start();
    $_SESSION['flash'] = "Sucessfully logged out";
@ -34,11 +69,15 @@ switch ($_GET['page']) {
    break;
  }
  case "settings": {
+    check_privileges();
+    
    $tpl->draw("settings");
    break;
  }
  case "inbox":
  default: {
+    check_privileges();
+    
    $tpl->draw("inbox");
  }
 }
--- a/views/login.html
+++ b/views/login.html
@ -4,10 +4,10 @@
 {if="$message"}
 <div class="alert alert-info">{$message}</div>
 {/if}
-  <form role="form" method="POST">
+  <form role="form" method="POST" action="ucp.php?page=login">
    <div class="form-group">
      <label for="InputUsername">Username</label>
-      <input type="text" class="form-control" id="InputUsername" name="user_name" placeholder="Enter username">
+      <input type="text" class="form-control" id="InputUsername" name="username" placeholder="Enter username">
    </div>
    <div class="form-group">
      <label for="InputPassword">Password</label>
--- a/views/navbar.html
+++ b/views/navbar.html
@ -18,8 +18,10 @@
          <li class="dropdown">
          <a href="#" class="dropdown-toggle" data-toggle="dropdown">{$user_name}<b class="caret"></b></a>
          <ul class="dropdown-menu">
-          <li><a href="ucp.php">Inbox{if="$new_words_count > 0"}{$new_words_count}{/if}</a></li>
+          <li><a href="ucp.php">Inbox{if="$new_words_count > 0"} ({$new_words_count}){/if}</a></li>
          <li><a href="ucp.php?page=settings">Settings</a></li>
+          <li class="divider"></li>
+          <li><a href="ucp.php?page=logout">Logout</a></li>
        {else}
          <li><a href="ucp.php?page=login">Login</a></li>
        {/if}