earthroots-php/edit.php at master · perfectritone/earthroots-php · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
<?php
require("Modify.php");

$page = new Modify();

@ $db = new mysqli($dbHost, $dbUser, $dbPassword, $dbName);

if ($db->connect_errno) {
  echo 'Error: Could not connect to database. Please try again later.';
  exit;
}

$db->set_charset("utf8"); //SET THIS IN MYSQL

@ $username = Page::protectDB(trim($_POST['username']),$db);
@ $password = Page::protectDB(trim($_POST['password']),$db);

if (!$username || !$password) {
  echo "Sorry, you left a field blank.";
  exit;
}

$query = "SELECT password, salt
    FROM users
    WHERE username = '$username';";
$result = $db->query($query);

if($result->num_rows < 1) //no such user exists
{
  echo <<<HTML
User '$username' not found. <br>
<a href = "javascript:history.back();">back</a>
HTML;
  die;
}

$row = $result->fetch_assoc();
$hash = hash('sha256', $row['salt'] . hash('sha256', $password));

if($hash != $row['password']) //incorrect password
{
  echo <<<HTML
Wrong password. <br>
<a href = "javascript:history.back();">back</a>
HTML;
  die;
}

session_start();

if (!isset($_SESSION['initiated']))
{
  session_regenerate_id();
  $_SESSION['initiated'] = true;
}
$_SESSION['admin'] = true;

$page->display();

?>