core/login.php

   1 <?php
   2 include('common.php');
   3
   4 if (empty($_POST['user']) || empty($_POST['pass'])) {
   5         make_reply('Username or password empty.', 1);
   6 }
   7 $sth = $db->prepare('SELECT uid FROM users WHERE username = ? AND password = ?');
   8 $sth->bind_param('ss', $_POST['user'], sha1(PWSALT.$_POST['pass']));
   9 $sth->execute();
  10 $sth->bind_result($uid);
  11 if (!$sth->fetch()) { // no row returned
  12         make_reply('Username or password incorrect.', 2);
  13 }
  14
  15 // row returned, user/pw good
  16 $sth->close();
  17 $sth = $db->prepare('INSERT INTO sessions(sid, uid, started, last, active) VALUES (NULL, ?, NOW(), NOW(), 1)');
  18 $sth->bind_param('i', $uid);
  19 $sth->execute();
  20 $sid = $sth->insert_id;
  21
  22 make_reply(array('uid' => $uid, 'sid' => $sid));