-
Notifications
You must be signed in to change notification settings - Fork 182
/
Copy pathauthenticate.php
45 lines (39 loc) · 1.17 KB
/
authenticate.php
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
<?php // authenticate.php
require_once 'login.php';
try
{
$pdo = new PDO($attr, $user, $pass, $opts);
}
catch (\PDOException $e)
{
throw new \PDOException($e->getMessage(), (int)$e->getCode());
}
if (isset($_SERVER['PHP_AUTH_USER']) &&
isset($_SERVER['PHP_AUTH_PW']))
{
$un_temp = sanitise($pdo, $_SERVER['PHP_AUTH_USER']);
$pw_temp = sanitise($pdo, $_SERVER['PHP_AUTH_PW']);
$query = "SELECT * FROM users WHERE username=$un_temp";
$result = $pdo->query($query);
if (!$result->rowCount()) die("User not found");
$row = $result->fetch();
$fn = $row['forename'];
$sn = $row['surname'];
$un = $row['username'];
$pw = $row['password'];
if (password_verify(str_replace("'", "", $pw_temp), $pw))
echo htmlspecialchars("$fn $sn : Hi $fn, you are now logged in as '$un'");
else die("Invalid username/password combination");
}
else
{
header('WWW-Authenticate: Basic realm="Restricted Area"');
header('HTTP/1.0 401 Unauthorized');
die ("Please enter your username and password");
}
function sanitise($pdo, $str)
{
$str = htmlentities($str);
return $pdo->quote($str);
}
?>