114 lines
3.3 KiB
PHP
114 lines
3.3 KiB
PHP
<?php
|
|
function login_failed()
|
|
{
|
|
header("Location: logout.php");
|
|
exit();
|
|
}
|
|
|
|
session_start();
|
|
if (isset($_SESSION['loggedin']) && $_SESSION['loggedin'] === true) {
|
|
$username = $_SESSION['username'];
|
|
$main_currency = $_SESSION['main_currency'];
|
|
$sql = "SELECT * FROM user WHERE username = :username";
|
|
$stmt = $db->prepare($sql);
|
|
$stmt->bindValue(':username', $username, SQLITE3_TEXT);
|
|
$result = $stmt->execute();
|
|
$userData = $result->fetchArray(SQLITE3_ASSOC);
|
|
$userId = $userData['id'];
|
|
|
|
if ($userData === false) {
|
|
header('Location: logout.php');
|
|
exit();
|
|
}
|
|
|
|
$_SESSION['userId'] = $userData['id'];
|
|
|
|
if ($userData['avatar'] == "") {
|
|
$userData['avatar'] = "0";
|
|
}
|
|
} else if (isset($_SERVER['HTTP_X_WEBAUTH_USER'])) {
|
|
$username = $_SERVER['HTTP_X_WEBAUTH_USER'];
|
|
|
|
$sql = "SELECT * FROM user WHERE username = :username";
|
|
$stmt = $db->prepare($sql);
|
|
$stmt->bindValue(':username', $username, SQLITE3_TEXT);
|
|
$result = $stmt->execute();
|
|
$userData = $result->fetchArray(SQLITE3_ASSOC);
|
|
$userId = $userData['id'];
|
|
|
|
if ($userData === false) {
|
|
header('Location: logout.php');
|
|
exit();
|
|
}
|
|
|
|
$_SESSION['userId'] = $userData['id'];
|
|
$_SESSION['username'] = $userData['username'];
|
|
$_SESSION['loggedin'] = true;
|
|
$_SESSION['main_currency'] = $userData['main_currency'];
|
|
$_SESSION['language'] = $userData['language'];
|
|
|
|
if ($userData['avatar'] == "") {
|
|
$userData['avatar'] = "0";
|
|
}
|
|
} else if (isset($_COOKIE['wallos_login'])) {
|
|
$cookie = explode('|', $_COOKIE['wallos_login'], 3);
|
|
$username = $cookie[0];
|
|
$token = $cookie[1];
|
|
$main_currency = $cookie[2];
|
|
|
|
$sql = "SELECT * FROM user WHERE username = :username";
|
|
$stmt = $db->prepare($sql);
|
|
$stmt->bindValue(':username', $username, SQLITE3_TEXT);
|
|
$result = $stmt->execute();
|
|
|
|
if (!$result) {
|
|
$db->close();
|
|
login_failed();
|
|
}
|
|
|
|
$userData = $result->fetchArray(SQLITE3_ASSOC);
|
|
if (!isset($userData['id'])) {
|
|
$db->close();
|
|
login_failed();
|
|
}
|
|
|
|
if ($userData['avatar'] == "") {
|
|
$userData['avatar'] = "0";
|
|
}
|
|
|
|
$userId = $userData['id'];
|
|
$main_currency = $userData['main_currency'];
|
|
|
|
$adminQuery = "SELECT login_disabled FROM admin";
|
|
$adminResult = $db->query($adminQuery);
|
|
$adminRow = $adminResult->fetchArray(SQLITE3_ASSOC);
|
|
|
|
if ($adminRow['login_disabled'] == 1) {
|
|
$sql = "SELECT * FROM login_tokens WHERE user_id = :userId";
|
|
$stmt = $db->prepare($sql);
|
|
$stmt->bindParam(':userId', $userId, SQLITE3_TEXT);
|
|
} else {
|
|
$sql = "SELECT * FROM login_tokens WHERE user_id = :userId AND token = :token";
|
|
$stmt = $db->prepare($sql);
|
|
$stmt->bindParam(':userId', $userId, SQLITE3_TEXT);
|
|
$stmt->bindParam(':token', $token, SQLITE3_TEXT);
|
|
}
|
|
|
|
$result = $stmt->execute();
|
|
$row = $result->fetchArray(SQLITE3_ASSOC);
|
|
|
|
if (!$row) {
|
|
$db->close();
|
|
login_failed();
|
|
}
|
|
|
|
$_SESSION['username'] = $username;
|
|
$_SESSION['token'] = $token;
|
|
$_SESSION['loggedin'] = true;
|
|
$_SESSION['main_currency'] = $main_currency;
|
|
$_SESSION['userId'] = $userId;
|
|
} else {
|
|
$db->close();
|
|
login_failed();
|
|
}
|
|
?>
|