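<?php

declare(strict_types=1);

/*
 * auth.php — login handler.
 *
 * On POST, looks up the submitted username with a prepared statement, compares
 * the submitted password against the stored `users.password` value and, on a
 * match, sets the `user_id` and `user_role` cookies and redirects to
 * /admin.php (role `admin`) or /dashboard.php (anyone else). Every failure
 * path redirects to /login.php with the same generic error so the response
 * does not tell the client whether the username exists.
 *
 * NOTE(review): the following weaknesses are visible in this file but cannot be
 * fixed here alone, because other files and the database schema depend on them:
 *   - `users.password` is compared byte-for-byte against the submitted value,
 *     i.e. it is stored in clear text. It should hold a password_hash() digest
 *     checked with password_verify(), which needs a migration of the table.
 *   - `user_id` / `user_role` are plain client-side cookies. Any page that
 *     trusts them for authorisation (admin.php / dashboard.php, presumably) is
 *     bypassable by editing the cookie value. Replace them with a server-side
 *     session (session_start() + session_regenerate_id(true)) that stores only
 *     the user id, and look the role up server-side on every request.
 *   - The DB connection runs as `root` with an empty password; a dedicated
 *     account with SELECT on `users` is all this file needs.
 *   - The error text is passed to /login.php via the query string; whatever
 *     renders it must HTML-escape it.
 * Requires PHP >= 7.3 for the array form of setcookie() (SameSite support).
 */

$host = 'localhost';
$username = 'root';
$password = '';
$dbname = 'broken_auth';

$conn = new mysqli($host, $username, $password, $dbname);
if ($conn->connect_error) {
    // Leaks driver error details to the client; tolerable only in a lab setup.
    die("Connection failed: " . $conn->connect_error);
}

if ($_SERVER["REQUEST_METHOD"] === "POST") {
    // Cookie lifetime (30 days) and the single generic failure redirect used by
    // every failing branch, so that "unknown user" and "wrong password" yield
    // the same response.
    $cookieExpiry = time() + (86400 * 30);
    $failureLocation = "/login.php?error=Invalid username or password";

    // Missing fields no longer trigger an "undefined index" warning, and
    // non-string values (e.g. `uname[]=x`) are rejected up front instead of
    // reaching bind_param()/hash_equals(), which would throw a TypeError.
    $uname = $_POST['uname'] ?? '';
    $psw = $_POST['psw'] ?? '';
    if (!is_string($uname) || !is_string($psw)) {
        $conn->close();
        header("Location: " . $failureLocation);
        exit();
    }

    $stmt = $conn->prepare(
        "SELECT id, username, password, role, balance FROM users WHERE username = ?"
    );
    if ($stmt === false) {
        // prepare() returns false on SQL/schema errors; fail closed rather
        // than calling methods on `false`.
        $conn->close();
        header("Location: " . $failureLocation);
        exit();
    }
    $stmt->bind_param("s", $uname);
    $stmt->execute();
    $stmt->store_result();

    $location = $failureLocation;
    if ($stmt->num_rows > 0) {
        $stmt->bind_result($id, $username, $db_password, $role, $balance);
        $stmt->fetch();

        // hash_equals() compares the same bytes `===` did but in constant time
        // with respect to the stored value, so existing rows behave exactly as
        // before. The is_string() guard preserves the original strict-compare
        // result for a NULL/non-string column value (no match). See the header
        // for why this should become password_verify().
        if (is_string($db_password) && hash_equals($db_password, $psw)) {
            // HttpOnly keeps the cookies out of document.cookie, SameSite=Lax
            // stops cross-site POSTs from carrying them, and Secure is set only
            // when this request itself arrived over TLS so plain-HTTP local
            // development keeps working. None of this makes the values
            // trustworthy — they are still client-controlled (see header).
            $cookieOptions = [
                'expires' => $cookieExpiry,
                'path' => '/',
                'secure' => !empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] !== 'off',
                'httponly' => true,
                'samesite' => 'Lax',
            ];
            // Explicit string casts: setcookie() takes strings and
            // strict_types disables the int->string coercion for `id`.
            setcookie("user_id", (string) $id, $cookieOptions);
            setcookie("user_role", (string) $role, $cookieOptions);

            $location = ($role === 'admin') ? "/admin.php" : "/dashboard.php";
        }
    }

    // Release the statement and connection before redirecting; in the original
    // these close() calls sat after unconditional exit() calls and never ran.
    $stmt->close();
    $conn->close();
    header("Location: " . $location);
    exit();
}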