forked from nathan242/ipcam-cctv
-
Notifications
You must be signed in to change notification settings - Fork 1
/
Copy pathindex.php
69 lines (65 loc) · 2.23 KB
/
index.php
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
<?php
session_start();
function login($username) {
$_SESSION['loginuser'] = $username;
header('Location: /cctv.php');
exit;
}
function fail_login($reason) {
session_destroy();
$pagetitle = 'LOGIN FAILED';
include $_SERVER['DOCUMENT_ROOT'].'/include/header.php';
switch ($reason) {
case 0:
echo '<p>ERROR: Unknown username or password.</p>';
break;
case 1:
echo '<p>ERROR: Account is disabled.</p>';
break;
}
echo '<p><a href="/index.php">BACK TO LOGIN PAGE</a></p>';
include $_SERVER['DOCUMENT_ROOT'].'/include/footer.php';
exit;
}
if(!isset($_SESSION['loginuser']) && (!isset($_POST['username']) || !isset($_POST['password']))) {
$pagetitle = 'LOGIN';
include $_SERVER['DOCUMENT_ROOT'].'/include/header.php';
echo '<div class="panel panel-default control-box">';
echo '<div class="panel-heading">LOGIN</div>';
echo '<form action="" method="POST">';
echo '<table border="1">';
echo '<tr><td>USERNAME:</td><td><input type="text" name="username" autocomplete="off"></td></tr>';
echo '<tr><td>PASSWORD:</td><td><input type="password" name="password"></td></tr>';
echo '<tr><td colspan="2"><input class="btn" type="submit" value="LOGIN" style="width:100%"></td></tr>';
echo '</table>';
echo '</form>';
echo '</div>';
echo '<div style="position: absolute; bottom: 5px;">';
echo '<font size="1">VERSION: XX-XX-2017 (DEV)</font>';
echo '</div>';
include $_SERVER['DOCUMENT_ROOT'].'/include/footer.php';
} elseif (!isset($_SESSION['loginuser']) && isset($_POST['username']) && isset($_POST['password'])) {
// Process login
require_once $_SERVER['DOCUMENT_ROOT'].'/include/db.php';
$username = $_POST['username'];
$database->prepared_query('select `username`, `password`, `enabled` from users where `username`=?', array('s'), array($username));
// Check if user exsists
if (count($database->result) == 0) {
fail_login(0);
}
// Check user password
$loginpassword = hash('sha256',$_POST['password']);
if ($database->result[0]['password'] == $loginpassword) {
if ($database->result[0]['enabled'] == 1) {
login($database->result[0]['username']);
} else {
fail_login(1);
}
} else {
fail_login(0);
}
} else {
// Already logged in - Restore page
header('Location: /cctv.php');
}
?>