/
login.php
208 lines (190 loc) · 8.9 KB
/
login.php
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
<?php
session_start();
date_default_timezone_set('Europe/Prague');
require_once ('db_connection.php');
require_once ('oauth.php');
$loginGUrl = $gClient->createAuthUrl();
/* User login process, checks if user exists and password is correct */
$faults = []; // pracovní proměnná, do které budeme shromažďovat info o chybách
if (! empty($_POST) && isset($_POST['signin']) && $_SERVER["REQUEST_METHOD"] == "POST") {
// Escape username to protect against SQL injections
$username = trim(@$_POST['username']);
if (! preg_match("/^[a-zA-Z0-9\-\.]{1,30}$/", $username)) { // preg_match kontroluje pomocí regulárního výrazu
$faults[] = 'Je nutné zadat uživatelské jméno! Uživatelské jméno může obsahovat písmena a číslice, pomlčku, tečku a mít délku maximálně 30 znaků.';
}
if (empty($faults)) {
try {
$stmt = $conn->prepare("SELECT * FROM LOGIN WHERE USERNAME = :USERNAME AND ACTIVE = 1 LIMIT 1;");
$stmt->bindParam(":USERNAME", $username);
$stmt->execute();
} catch (Exception $e) {
die("Oh noes! There's an error in the query!" . $e->getMessage());
}
if ($stmt->fetchColumn() == 0) { // User doesn't exist
$_SESSION['message'] = "Uživatel s tímto uživatelským jménem neexistuje!";
header("location: login.php?success=wronguser");
exit();
} else { // User exists
try {
$stmt = $conn->prepare("SELECT * FROM LOGIN WHERE USERNAME = :USERNAME AND ACTIVE = 1 LIMIT 1;");
$stmt->bindParam(":USERNAME", $username);
$stmt->execute();
} catch (PDOException $e) {
die("Oh noes! There's an error in the query!" . $e->getMessage());
}
$user = @$stmt->fetchAll(PDO::FETCH_ASSOC)[0];
if (password_verify(trim($_POST['password']), $user['PASSWORD'])) {
$_SESSION['userID'] = $user['LOGIN_ID'];
$_SESSION['email'] = $user['EMAIL'];
$_SESSION['username'] = $user['USERNAME'];
$_SESSION['firstName'] = $user['FIRSTNAME'];
$_SESSION['lastName'] = $user['LASTNAME'];
$_SESSION['active'] = $user['ACTIVE'];
$_SESSION['lastLogin'] = date("Y-m-d H:i:s");
try {
$stmt = $conn->prepare("UPDATE LOGIN SET LASTLOGIN = :LASTLOGIN WHERE LOGIN_ID = :LOGIN_ID;");
$stmt->bindParam(":LASTLOGIN", $_SESSION['lastLogin']);
$stmt->bindParam(":LOGIN_ID", $_SESSION['userID']);
$stmt->execute();
} catch (PDOException $e) {
die("Oh noes! There's an error in the query!" . $e->getMessage());
}
// This is how we'll know the user is logged in
$_SESSION['logged_in'] = true;
header("location: index.php");
} else {
$_SESSION['message'] = "Zadal jsi chybné heslo, zkus to znovu!";
header("location: login.php?success=wrongpassword");
exit();
}
}
} else {
header("location: login.php?success=wrongusername");
exit();
}
}
?>
<!DOCTYPE html>
<!--[if lt IE 7]> <html class="no-js lt-ie9 lt-ie8 lt-ie7" lang=""> <![endif]-->
<!--[if IE 7]> <html class="no-js lt-ie9 lt-ie8" lang=""> <![endif]-->
<!--[if IE 8]> <html class="no-js lt-ie9" lang=""> <![endif]-->
<!--[if gt IE 8]><!-->
<html class="no-js" lang="cs" xmlns="http://www.w3.org/1999/html">
<!--<![endif]-->
<head>
<meta charset="utf-8">
<meta http-equiv="X-UA-Compatible" content="IE=edge">
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
<title>MůjZávod | ChytrýOddíl</title>
<meta name="keywords"
content="závod,běh,web,app,aplikace,rfid,organizace,race,run">
<meta name="description"
content="Webová aplikace pro organizaci a měření běžeckých závodů.">
<meta name="author" content="Martin Krivda">
<meta name="viewport" content="width=device-width, initial-scale=1">
<link rel="apple-touch-icon" href="apple-icon.png">
<link rel="shortcut icon" href="favicon.ico" type="image/x-icon">
<link rel="stylesheet" href="assets/css/normalize.css">
<link rel="stylesheet" href="assets/css/bootstrap.min.css">
<link rel="stylesheet" href="assets/css/font-awesome.min.css">
<link rel="stylesheet" href="assets/css/themify-icons.css">
<link rel="stylesheet" href="assets/css/flag-icon.min.css">
<link rel="stylesheet" href="assets/css/cs-skin-elastic.css">
<!-- <link rel="stylesheet" href="assets/css/bootstrap-select.less"> -->
<link rel="stylesheet" href="assets/scss/style.css">
<link
href='https://fonts.googleapis.com/css?family=Open+Sans:400,600,700,800'
rel='stylesheet' type='text/css'>
<!-- <script type="text/javascript" src="https://cdn.jsdelivr.net/html5shiv/3.7.3/html5shiv.min.js"></script> -->
</head>
<body class="bg-dark">
<div class="sufee-login d-flex align-content-center flex-wrap">
<div class="container">
<div class="login-content">
<?php
if (isset($_GET['success'])) {
if (@$_GET['success'] == 'wronguser') {
echo "<div class='sufee-alert alert with-close alert-danger alert-dismissible fade show'>";
echo "<span class='badge badge-pill badge-danger'>Chyba</span>";
echo "Uživatel s tímto uživatelským jménem neexistuje!";
echo "<button type='button' class='close' data-dismiss='alert' aria-label='Close'>";
echo "<span aria-hidden='true'>×</span>";
echo "</button>";
echo "</div>";
}
if (@$_GET['success'] == 'wrongpassword') {
echo "<div class='sufee-alert alert with-close alert-danger alert-dismissible fade show'>";
echo "<span class='badge badge-pill badge-danger'>Chyba</span>";
echo "Zadáno chybné heslo, zkus to znovu!";
echo "<button type='button' class='close' data-dismiss='alert' aria-label='Close'>";
echo "<span aria-hidden='true'>×</span>";
echo "</button>";
echo "</div>";
}
if (@$_GET['success'] == 'wrongusername') {
echo '<script src="assets/js/sweetalert2.all.js"></script>';
echo '<script type="text/javascript" language="javascript">';
echo "swal('Ooops!','Uživatelské jméno obsahuje neplatné znaky!','error');";
echo '</script>';
}
}
?>
<div class="login-logo">
<a href="index.php"> <img class="align-content"
src="images/logo.png" alt="">
</a>
</div>
<div class="login-form">
<form name="loginform" action="" method="POST">
<div class="form-group">
<label for="username">Uživatelské jméno</label> <input
type="text" class="form-control" name="username"
placeholder="Uživatelské jméno" pattern="[A-Za-z0-9\.]{1,30}"
value="<?php echo htmlspecialchars(@$_POST['username']);?>"
maxlength="30" required />
</div>
<div class="form-group">
<label for="password">Heslo</label> <input type="password"
class="form-control" id="password" name="password"
placeholder="Heslo" maxlength="100" required autocomplete="off" />
</div>
<div class="checkbox">
<label for="rememberme"> <input name="rememberme" type="checkbox">
Pamatuj si mě
</label> <label class="pull-right"> <a
href="forgottenpassword.php">Zapomenuté Heslo?</a>
</label>
</div>
<button type="submit"
class="btn btn-success btn-flat m-b-30 m-t-30" name="signin">Přihlásit</button>
<div class="social-login-content">
<div class="social-button">
<!--<button type="button"
class="btn social facebook btn-flat btn-addon mb-3">
<i class="ti-facebook"></i>Sign in with facebook
</button>-->
<button type="button"
onclick="window.location = '<?php echo $loginGUrl;?>'"
class="btn social twitter btn-flat btn-addon mt-2">
<i class="ti-google"></i>Sign in with google
</button>
</div>
</div>
<div class="register-link m-t-15 text-center">
<p>
Nemáš ještě účet ? <a href="register.php" title="Registration">
Registruj se zde</a>
</p>
</div>
</form>
</div>
</div>
</div>
</div>
<script src="assets/js/vendor/jquery-2.1.4.min.js"></script>
<script src="assets/js/popper.min.js"></script>
<script src="assets/js/plugins.js"></script>
<script src="assets/js/main.js"></script>
<script src="assets/js/sweetalert2.all.js"></script>
</body>
</html>