id/views/login.php

106 lines
2.9 KiB
PHP
Raw Normal View History

2024-06-29 21:52:46 +00:00
<?php
if ($_SESSION['auth']) {
if (key_exists('callback', $query)) {
2024-07-03 13:20:39 +00:00
header('Location: ' . urldecode($query['callback']));
2024-06-29 21:52:46 +00:00
} else {
header('Location: /dashboard');
}
exit();
}
2024-07-01 21:15:51 +00:00
if ($_SERVER['REQUEST_METHOD'] == 'POST') {
if (!validate_csfr()) {
flash(get_string('error.generic'), $flash);
goto skip;
}
2024-07-27 12:07:27 +00:00
// Validate email address
if (!validate_email($_POST['email'])) {
$error_body = get_string('error.invalidEmail');
}
2024-07-01 21:15:51 +00:00
// Figure out if it's a user
$user_to_log_in_as = db_execute('SELECT id, email, password FROM accounts WHERE email = ?', [$_POST['email']]);
if (!$user_to_log_in_as) {
$error_body = get_string('error.incorrectAuth');
goto skip;
}
if (password_verify($_POST['password'], $user_to_log_in_as['password'])) {
$_SESSION['auth'] = true;
$_SESSION['id'] = $user_to_log_in_as['id'];
if (key_exists('callback', $query)) {
2024-07-03 13:20:39 +00:00
header('Location: ' . urldecode($query['callback']));
2024-07-01 21:15:51 +00:00
} else {
header('Location: /dashboard');
}
exit();
}
2024-07-27 12:07:27 +00:00
} else {
if (key_exists('callback', $query)) {
$subtitle = get_string('auth.logInToContinue');
}
2024-07-01 21:15:51 +00:00
}
skip:
2024-06-29 21:52:46 +00:00
?>
<!doctype html>
<html lang="en">
<head>
<?php include 'partials/head.php' ?>
2024-07-27 12:07:27 +00:00
<link rel="stylesheet" href="/styles/login_form.css" />
2024-06-29 21:52:46 +00:00
</head>
<body>
<?php include 'partials/header.php' ?>
<main><?php
if ($_SESSION['auth']) {
$error_body = get_string('error.loggedIn');
}
?>
2024-07-27 12:07:27 +00:00
<div id="wrapper">
<h1 class="center"><?= get_string('page.login') ?></h1>
<p class="center">Don't have one? <a href="/auth/signup">Sign up</a>.</p>
<?php
if (isset($subtitle)) {
echo '<p class="subtitle center">'. $subtitle .'</p>';
}
2024-07-01 21:15:51 +00:00
if (isset($error_body)) {
include 'partials/error.php';
}
2024-07-27 12:07:27 +00:00
?>
2024-07-27 12:07:27 +00:00
<form class="login-form" method="post">
<?= csfr_input() ?>
2024-07-27 12:07:27 +00:00
<div class="input"><label for="email"><?= get_string("auth.email") ?></label>
<input type="email" name="email" id="email" /></div>
<div class="input"><label for="password"><?= get_string("auth.password") ?></label>
<input type="password" name="password" id="password" /></div>
<button class="primary" type="submit"><?= get_string('auth.login') ?></button>
</form>
</div>
<div class="spacer"></div>
<div class="passkey center">
<h2><span class="icon icon-32 align-vertically fluent--person-passkey-32-filled"></span>
<span class="label"><?= get_string('auth.passkey') ?></span></h2>
<p><?= get_string('auth.logInWithPasskeyExplainer'); ?></p>
<p><button><?= get_string('auth.logInWithPasskey') ?></button></p>
</div>
2024-06-29 21:52:46 +00:00
</main>
<?php include 'partials/footer.php' ?>
</body>
</html>