Autentificacion.php
<?php
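// Login controller: verifies the submitted DNI and password against the
// `votante` table, fills the session on success and redirects according to
// $_SESSION['modo']. Every failure path redirects back to index.php.
session_start();

// Session keys that describe the authenticated voter. They are written only
// after the password has been verified and are all cleared on any failure, so
// a failed attempt can never leave another voter's role or data in the session.
$identityKeys = array(
    'user', 'domicilio', 'fechaNac', 'nombre', 'apellidos', 'votante', 'rol', 'password',
);

// NOTE(review): $_REQUEST also accepts GET parameters, which puts credentials
// in URLs, server logs and browser history. Switch to $_POST once the login
// form is confirmed to submit with method="post".
$dni = isset($_REQUEST["dni"]) ? $_REQUEST["dni"] : null;
$password = isset($_REQUEST["contraseña"]) ? $_REQUEST["contraseña"] : null;

// Fail closed: access is granted only when the password check below succeeds.
// Previously the script started in the "success" state, so a request without
// a password, or a failed lookup query, fell through to the mode redirect.
$authenticated = false;
$errorKey = null;
$errorMessage = null;

// is_string() also rejects array-valued parameters such as dni[]=x.
if (is_string($dni) && is_string($password)) {
    // Presumably defines $conexion as a mysqli connection (the original code
    // used ->query(), ->num_rows and ->fetch_array() on it) -- confirm.
    require 'conexionBD.php';

    // A single parameterized lookup replaces both the per-ID scan of the
    // table and the string-concatenated query, which was injectable via dni.
    $row = null;
    $lookupOk = false;
    $stmt = $conexion->prepare("SELECT * FROM votante WHERE nif = ?");
    if ($stmt) {
        $stmt->bind_param('s', $dni);
        if ($stmt->execute()) {
            // get_result() requires the mysqlnd driver.
            $result = $stmt->get_result();
            if ($result) {
                $lookupOk = true;
                $row = $result->fetch_assoc();
            }
        }
        $stmt->close();
    }

    // NOTE(review): distinct messages for "unknown DNI" and "wrong password"
    // let a client enumerate registered DNIs. They are kept because index.php
    // presumably reads both session keys; consider one generic message.
    if ($lookupOk && !$row) {
        $errorKey = 'errDni';
        $errorMessage = 'Este dni no esta registrado.';
    } elseif ($lookupOk) {
        // NOTE(review): passwords are stored base64-encoded, which is a
        // reversible encoding and not a hash. Migrate the column to
        // password_hash() / password_verify().
        $storedPassword = base64_decode((string) $row['password']);

        // hash_equals() compares in constant time and avoids the numeric
        // string juggling of != (for example "1e3" == "1000" is true).
        if (hash_equals($storedPassword, $password)) {
            $authenticated = true;
        } else {
            $errorKey = 'err';
            $errorMessage = 'Contraseña incorrecta.';
        }
    }
}

if (!$authenticated) {
    foreach ($identityKeys as $key) {
        unset($_SESSION[$key]);
    }
    if ($errorKey !== null) {
        $_SESSION[$errorKey] = $errorMessage;
    }
    header("Location:index.php");
    // Stop here: header() alone does not end the script.
    exit;
}

// Issue a fresh session id on login so an id planted before authentication
// (session fixation) is not promoted to an authenticated session.
session_regenerate_id(true);

$_SESSION['domicilio'] = $row['domicilio'];
$_SESSION['fechaNac'] = $row['fechaNac'];
$_SESSION['user'] = $row['nif'];
$_SESSION['nombre'] = $row['nombre'];
$_SESSION['apellidos'] = $row['apellidos'];
$_SESSION['votante'] = $row['votante'];
$_SESSION['rol'] = $row['rol'];
// NOTE(review): the stored (decodable) password is copied into the session.
// Kept because other pages may read this key; remove it once verified unused.
$_SESSION['password'] = $row['password'];

// Redirection: the mode is expected to have been placed in the session by the
// page that sent the user to the login form. An unknown or missing mode issues
// no redirect, as before.
$destinations = array(
    'borrar' => 'vistaBorrarVotantes.php',
    'modificar' => 'controladorModificarVotantes.php',
    'login' => 'menuEntrada.php',
    'votar' => 'controladorVotar.php',
);
$modo = isset($_SESSION['modo']) ? $_SESSION['modo'] : null;
if (is_string($modo) && isset($destinations[$modo])) {
    header("Location:" . $destinations[$modo]);
    exit;
}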
?>