-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathverify.php
64 lines (51 loc) · 1.34 KB
/
verify.php
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
<?php
if (!($_SERVER['REQUEST_METHOD'] === 'POST'))
{
header("Location: login.php");
exit;
}
session_start();
if (strtolower($_SESSION["checkcode"]) != strtolower($_POST["checkcode"]))
{
$_SESSION['return_msg'] = "验证码错误。";
header("Location: login.php");
exit;
}
$user_email = $_POST["user_email"];
$user_password = $_POST["user_password"];
if ($user_email == "" or $user_password == "")
{
$_SESSION['return_msg'] = "login error.";
header("Location: login.php");
exit;
}
$sql = <<<EOF
select u.account_id, u.encrypted_password,'@'||a.username||COALESCE('@'||a."domain",'')
from users u left join accounts a on u.account_id =a.id
where email='$user_email';
EOF;
require_once ('config.php');
$db = pg_connect($connection_string);
$search_result = pg_query($db, $sql);
if (!$search_result) {
echo pg_last_error($db);
exit;
}
pg_close($db);
if (!($row = pg_fetch_row($search_result)))
{
$_SESSION['return_msg'] = "User error.";
header("Location: login.php");
exit;
}
if (password_verify($user_password, $row[1]) == false)
{
$_SESSION['return_msg'] = "Password error.";
header("Location: login.php");
exit;
}
$_SESSION['account_id'] = $row[0];
$_SESSION['account_name'] = $row[2];
header("Location: index.php");
exit;
?>