forked from Adleraci/adlerka.top
93 lines
3.0 KiB
PHP
93 lines
3.0 KiB
PHP
|
<?php
|
||
|
|
||
|
function isLoggedIn(){
|
||
|
return $_SESSION["ID"] > 0 && !empty($_SESSION["email"]);
|
||
|
}
|
||
|
|
||
|
function doLogin(){
|
||
|
global $mysqli;
|
||
|
if(!empty($_POST["email"]) && !empty($_POST["password"])){
|
||
|
$email = $_POST["email"];
|
||
|
$pass = $_POST["password"];
|
||
|
/* prepare statement */
|
||
|
$stmt = $mysqli->prepare("SELECT ID, FirstName, LastName, Nickname, PasswordHash, MinecraftNick, isAdmin FROM Users WHERE EMAIL = ? AND isActive = 1");
|
||
|
$stmt->bind_param("s", $email);
|
||
|
$stmt->execute();
|
||
|
$idcko = 0;
|
||
|
$fname = "";
|
||
|
$lname = "";
|
||
|
$nickname = "";
|
||
|
$pwdhash = "";
|
||
|
$mcnick = "";
|
||
|
$isadmin = false;
|
||
|
/* bind variables to prepared statement */
|
||
|
$stmt->bind_result($idcko, $fname, $lname, $nickname, $pwdhash, $mcnick, $isadmin);
|
||
|
|
||
|
$found = false;
|
||
|
/* fetch values */
|
||
|
while ($stmt->fetch()) {
|
||
|
if (password_verify($pass, $pwdhash)){
|
||
|
$_SESSION["ID"] = $idcko;
|
||
|
$_SESSION["first_name"] = $fname;
|
||
|
$_SESSION["last_name"] = $lname;
|
||
|
$_SESSION["nickname"] = $nickname;
|
||
|
$_SESSION["email"] = $email;
|
||
|
$_SESSION["mcnick"] = $mcnick;
|
||
|
$_SESSION["isadmin"] = $isadmin;
|
||
|
$found = true;
|
||
|
break;
|
||
|
}
|
||
|
else{
|
||
|
$found = false;
|
||
|
}
|
||
|
break;
|
||
|
}
|
||
|
$stmt->close();
|
||
|
if($found){
|
||
|
$status = ["status" => "success"];
|
||
|
}
|
||
|
else{
|
||
|
$status = ["status" => "fail"];
|
||
|
}
|
||
|
echo json_encode($status);
|
||
|
}
|
||
|
}
|
||
|
|
||
|
function doLogout(){
|
||
|
if(isLoggedIn()){
|
||
|
session_destroy();
|
||
|
$status = ["status" => "success"];
|
||
|
}
|
||
|
else{
|
||
|
$status = ["status" => "fail"];
|
||
|
}
|
||
|
echo json_encode($status);
|
||
|
}
|
||
|
|
||
|
function doRegister(){
|
||
|
$status = ["status" => "fail"];
|
||
|
if (!empty($_POST["activationtoken"])){
|
||
|
global $mysqli;
|
||
|
|
||
|
$firstName = $_POST["firstname"];
|
||
|
$lastName = $_POST["lastname"];
|
||
|
$nickname = $_POST["nickname"];
|
||
|
$email = $_POST["email"];
|
||
|
$password = $_POST["password"];
|
||
|
$minecraftNick = $_POST["minecraftnick"];
|
||
|
$activationToken = $_POST["activationtoken"];
|
||
|
if (!empty($firstName) && !empty($lastName) && !empty($nickname) && !empty($email) && !empty($password) && !empty($activationToken)){
|
||
|
$passwordHash = password_hash($password, PASSWORD_DEFAULT);
|
||
|
|
||
|
$stmt = $mysqli->prepare("UPDATE Users SET FirstName = ?, LastName = ?, Nickname = ?, Email = ?, PasswordHash = ?, MinecraftNick = ?, isAdmin = 0, isActivated = 1 WHERE isActivated = 0 AND ActivationToken = ?");
|
||
|
$stmt->bind_param("ssssss", $firstName, $lastName, $nickname, $email, $passwordHash, $minecraftNick, $activationToken);
|
||
|
$stmt->execute();
|
||
|
if ($stmt->affected_rows > 0) {
|
||
|
$status["status"] = "success";
|
||
|
}
|
||
|
$stmt->close();
|
||
|
}
|
||
|
}
|
||
|
}
|
||
|
|
||
|
?>
|