aboutsummaryrefslogtreecommitdiffstats
path: root/php
diff options
context:
space:
mode:
authorAlex Vitkov <alexvitkov98@gmail.com>2021-01-29 14:01:41 +0200
committerAlex Vitkov <alexvitkov98@gmail.com>2021-01-29 14:01:41 +0200
commitf4d5d71da4f94bf9bc87505e745eed913c9858b9 (patch)
treec5c2e7505c74d4bb500675cc57fdf9b1cf554e34 /php
parentfdea65e03218d175bcc5d5f2bbb426688a6cf42e (diff)
downloadfileup-f4d5d71da4f94bf9bc87505e745eed913c9858b9.tar.gz
Login is now remembered in $_SESSION['username']
If it is set, user is logged in, if it is unset user is not logged in
Diffstat (limited to 'php')
-rw-r--r--php/login.php7
-rw-r--r--php/logout.php10
-rw-r--r--php/register.php4
3 files changed, 18 insertions, 3 deletions
diff --git a/php/login.php b/php/login.php
index e6d44dc..536a5bf 100644
--- a/php/login.php
+++ b/php/login.php
@@ -3,6 +3,8 @@ require_once "user.php";
require_once "database.php";
require_once "misc.php";
+session_start();
+
$username=$_POST["username"];
$password=$_POST["password"];
/*server side verification*/
@@ -18,8 +20,7 @@ if(!$user)
die("Password or username is incorrect");
}
-echo "Username: {$user->username}\n";
-echo "Email: {$user->email_address}";
-
+$_SESSION['username'] = $user->username;
+header('Location: /');
?>
diff --git a/php/logout.php b/php/logout.php
new file mode 100644
index 0000000..9a4cdd7
--- /dev/null
+++ b/php/logout.php
@@ -0,0 +1,10 @@
+<?php
+// TODO
+// This is dangerous and stupid
+// Right now every webpage can redirect any of its users to http://shady.upload/logout
+// which will log the user out of our webpage
+
+session_start();
+unset($_SESSION['username']);
+header('Location: /');
+?>
diff --git a/php/register.php b/php/register.php
index ef1f238..1d31a91 100644
--- a/php/register.php
+++ b/php/register.php
@@ -31,4 +31,8 @@ if($database->register_user($username,$password,$email))
echo "didn't register";
}
+
+$_SESSION['username'] = $username;
+header('Location: /');
+
?>