-
Notifications
You must be signed in to change notification settings - Fork 0
Expand file tree
/
Copy pathmain.php
More file actions
47 lines (43 loc) · 1.56 KB
/
main.php
File metadata and controls
47 lines (43 loc) · 1.56 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
<?php
//Basic details
$sql_host = "localhost";
$sql_user = "frc2877_website";
$sql_pass = "L1g3rb0ts";
$sql_data = "frc2877_ligerbots";
//Table names
$token_table = "tokens";
$user_table = "users";
$meta_table = "meta";
$post_table = "posts";
//Establish a database connection
$connection = mysqli_connect($sql_host, $sql_user, $sql_pass, $sql_data) or die("<b>Failed to connect to the database</b>");
//User variables
$user = array();
$loggedin = false;
//Check if a user token is present
if(isSet($_COOKIE['user'] & !isSet($notoken)) {
//User is set, break down the token to get their information
$user_exploded = explode("!!", $_COOKIE['user']);
//Retrieve and sterilize the information
$raw_username = mysqli_escape_string($connection, $user_exploded[0]);
$raw_token = mysqli_escape_string($connection, $user_exploded[1]);
//Formulate a query for the user tokens
$query = "SELECT * FROM " . $token_table . " WHERE username='" . $raw_username . "' AND token='" . $raw_token . "';";
//Query the table
$result = mysqli_query($connection, $query);
//Check if there were any results
if($result->num_rows > 0) {
//Formulate a query for the users information
$query = "SELECT * FROM " . $user_table . " WHERE username='" . $raw_username . "';";
//Query the database
$result = mysqli_query($connection, $query);
//There will be only one result, so get it as the user info
$user = mysqli_fetch_array($result);
//Set the user logged in state to true
$loggedin = true;
} else {
setcookie("user", "", time() - 3600);
header('Location: login.php?e="badtoken"');
}
}
?>