A php killer game implementation
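<?php

session_start();

require_once 'priv/errorhandler.php';
require_once 'priv/pdo.php';
require_once 'priv/twig.php';

#error_reporting(0);

// Login handler.
//
// Flow: reject an already-logged-in session, reject GET, bind to the school AD
// over LDAPS with the posted credentials, then either load the existing
// qr_users row or create one from the AD entry (name + class), record the
// attempt in qr_logins and fill $_SESSION['qr'] before redirecting to index.php.
//
// Relies on DB (priv/pdo.php, with a texecute() helper) and $twig
// (priv/twig.php); both are defined outside this file.

if (isset($_SESSION['qr']['id'])) {
    die("Redan inloggad. <a href='logout.php'>Logga ut</a>");
}

if ($_SERVER['REQUEST_METHOD'] === 'GET') {
    header('Location: index.php');
    die();
}

// Only the local part of a UPN-style login ("user@domain") is the account name.
$username = trim(explode('@', (string) ($_POST['username'] ?? ''))[0]);
$password = (string) ($_POST['password'] ?? '');

// An empty password must never reach ldap_bind(): a bind with an empty
// password is an anonymous/unauthenticated bind, which directories commonly
// accept, so it would report success without verifying any credential.
if ($username === '' || $password === '') {
    echo $twig->render('login.html', ['error' => 'Ditt användarnamn eller lösenord var fel.']);
    die();
}

$ldap = ldap_connect("ldaps://ad.ssis.nu") or die('Något gick fel. Vänligen kontakta Movitz.');
// Active Directory expects LDAPv3; the extension's default may be lower.
ldap_set_option($ldap, LDAP_OPT_PROTOCOL_VERSION, 3);
// NOTE: ldap_bind() emits a warning on invalid credentials; whether
// priv/errorhandler.php turns that into an exception cannot be seen here.
$bind = ldap_bind($ldap, $username . "@ad.ssis.nu", $password);

$sql = 'SELECT id, name, is_admin, class FROM qr_users WHERE username = ?';
$user = DB::prepare($sql)->texecute([$username])->fetch();

if (!$bind) {
    echo $twig->render('login.html', ['error' => 'Ditt användarnamn eller lösenord var fel.']);
    // Failed attempts are only recorded for accounts that already exist locally.
    if ($user) {
        $sql = "INSERT INTO qr_logins (success, qr_users_id) VALUES (0, ?)";
        DB::prepare($sql)->texecute([$user['id']]);
    }
    die();
}

// Credentials verified: issue a fresh session id so an id planted before
// login cannot be reused (session fixation).
session_regenerate_id(true);

if ($user) {
    $sql = "INSERT INTO qr_logins (success, qr_users_id) VALUES (1, ?)";
    DB::prepare($sql)->texecute([$user['id']]);

    $_SESSION['qr']['username'] = $username;
    $_SESSION['qr']['id'] = $user['id'];
    $_SESSION['qr']['is_admin'] = $user['is_admin'];
    $_SESSION['qr']['name'] = $user['name'];
    $_SESSION['qr']['class'] = $user['class'];
    // No output before the redirect header, or the header is silently dropped.
    header('Location: index.php');
    die();
}

// First login: fetch name and group membership from AD to create the local row.
// The username comes from the request, so it is escaped for the filter context.
$filter = '(sAMAccountName=' . ldap_escape($username, '', LDAP_ESCAPE_FILTER) . ')';
$search = ldap_search($ldap, "DC=ad,DC=ssis,DC=nu", $filter, array("cn", "givenName", "sn", "memberOf")) or die('ldap_search failed');
$userInfo = ldap_get_entries($ldap, $search);
if ($userInfo['count'] === 0) {
    echo $twig->render('login.html', ['error' => 'Kunde inte hitta dig i AD:t. Är du inte en elev? Kontakta Movitz om du vill ha tillgång.']);
    die();
}
$userInfo = $userInfo[0];

// ldap_get_entries() lower-cases attribute names; an attribute the entry lacks
// has no key at all, hence the defaults.
$name = ($userInfo['givenname'][0] ?? '') . ' ' . ($userInfo['sn'][0] ?? '');
$class = 'Lärare';

// Pupils are members of a group under OU=Klass; the class name is taken as the
// 5 characters following "CN=" in that group's DN. The memberof array also
// carries a numeric 'count' element, which is skipped.
foreach ($userInfo['memberof'] ?? [] as $sg) {
    if (!is_string($sg)) {
        continue;
    }
    if (strpos($sg, 'OU=Klass') !== false) {
        $class = substr($sg, 3, 5);
        break;
    }
}

// The very first account created becomes admin.
$sql = 'SELECT (COUNT(*) = 0) FROM qr_users';
$isAdmin = DB::prepare($sql)->texecute()->fetchColumn();

$sql = 'INSERT INTO qr_users (username, name, class, is_admin) VALUES (?, ?, ?, ?)';
DB::prepare($sql)->texecute([$username, $name, $class, $isAdmin]);

$userId = DB::lastInsertId();
$_SESSION['qr']['id'] = $userId;
$_SESSION['qr']['username'] = $username;
$_SESSION['qr']['is_admin'] = $isAdmin;
$_SESSION['qr']['name'] = $name;
$_SESSION['qr']['class'] = $class;

$sql = "INSERT INTO qr_logins (success, qr_users_id) VALUES (1, ?)";
DB::prepare($sql)->texecute([$userId]);
// No output before the redirect header (the former debug echo broke it).
header('Location: index.php');
die();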