Please wait...
';
echo '';
} else if(isset($_POST["type"])) {
if($_POST["type"]=="login" && isset($_POST["user"]) && isset($_POST["pwd"])){
//Get options
$user = $_POST["user"];
$pwd = $_POST["pwd"];
$remember = 0;
if(isset($_POST["remember"]) && $_POST["remember"]=="on")
$remember = 1;
//Try to login
include_once "config/config.php";
$conn = GetConnectionToDB();
$stmt = $conn->prepare('SELECT * FROM users WHERE user=?');
$stmt->execute(array($user));
if($result = $stmt->fetch(PDO::FETCH_ASSOC)){
if (password_verify($pwd, $result["password"])){
$skey = generate_skey();
$stmt = $conn->prepare("INSERT INTO sessions (skey, uid)
VALUES (:skey, :uid)");
$stmt->bindParam(':skey', $skey);
$stmt->bindParam(':uid', $result["id"]);
$stmt->execute();
$sid = $conn->lastInsertId();
$conn = null;
if($remember == 1){
setcookie("pp_sid", $sid, time()+63072000); //Dies in 2 years
setcookie("pp_skey", $skey, time()+63072000); //Dies in 2 years
} else {
setcookie("pp_sid", $sid); //Dies when browser closes
setcookie("pp_skey", $skey); //Dies when browser closes
}
echo 'Please wait...
';
echo '';
die();
}
else echo "No!"; //TODO: Wrong password
} else echo "Fail!"; //TODO: No user or SQL fail.
$conn = null;
}
if($_POST["type"]=="register" && isset($_POST["user"]) && isset($_POST["pwd"])){
//Get options
$user = $_POST["user"];
$pwd = $_POST["pwd"];
$hash = password_hash($pwd ,CRYPT_BLOWFISH);
//Does this user exist
include_once "config/config.php";
$conn = GetConnectionToDB();
$stmt = $conn->prepare('SELECT * FROM users WHERE user=?');
$stmt->execute(array($user));
if($result = $stmt->fetch(PDO::FETCH_ASSOC)){
echo "User allready exists!
";
$conn = null;
die();
}
//Did the person enter a password
if($pwd==""){
echo "You need a password to singup!
";
$conn = null;
die();
}
//Register the user
$stmt = $conn->prepare("INSERT INTO users (user,password)
VALUES (:user, :pwd)");
$stmt->bindParam(':user', $user);
$stmt->bindParam(':pwd', $hash);
if($stmt->execute()){
echo 'Please wait...
';
echo '';
} else {
echo "Fail!";
}
$conn = null;
}
} else {
echo '
';
}
?>