Файл: app/login.php
Строк: 36
<?php
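// Login handler: the page is restricted to guests; on a submitted form it
// checks the credentials and, on success, sets the `token` and `id` cookies
// and redirects to '/'.
Core::only('guest');
$smarty->header('Авторизация');

if (filter_has_var(INPUT_POST, 'submit'))
{
    // filter_input() already returns null for an absent field, so a separate
    // filter_has_var() check per field is unnecessary. FILTER_UNSAFE_RAW does
    // no sanitisation: both values are attacker-controlled and must never be
    // concatenated into an SQL string.
    $filter = [
        'login' => filter_input(INPUT_POST, 'login', FILTER_UNSAFE_RAW),
        'password' => filter_input(INPUT_POST, 'password', FILTER_UNSAFE_RAW),
    ];

    $user = false;

    // A missing field (null) or an array-valued field (false) cannot belong to
    // an account, so the database is only consulted for real strings.
    if (is_string($filter['login']) && is_string($filter['password']))
    {
        // Bound parameters replace the string-built query (SQL injection through
        // `login`). One statement both verifies the credentials and loads the
        // row, instead of a rowCount() probe followed by a second identical
        // SELECT; rowCount() is also not dependable for SELECT on every driver.
        // NOTE(review): assumes $db is a PDO instance, which the
        // query()/rowCount()/fetch() usage suggests. Confirm before merging.
        // NOTE(review): Filter::encode() is defined elsewhere; if it is a fast or
        // unsalted hash, move to password_hash()/password_verify().
        $statement = $db->prepare(
            'SELECT `token`, `id` FROM `users` WHERE `login` = ? AND `password` = ? LIMIT 1'
        );
        $statement->execute([$filter['login'], Filter::encode($filter['password'])]);
        $user = $statement->fetch();
    }

    if (!$user)
    {
        // Same message for an unknown login and a wrong password, so the
        // response does not reveal which accounts exist.
        $error = 'Неверный логин или пароль.';
    }
    else
    {
        // NOTE(review): the `* 31 * 365` factor makes this lifetime about 31 years;
        // the value is kept unchanged here. Confirm the intended duration.
        $expires = time() + 60 * 60 * 24 * 31 * 365;

        // Send the Secure flag whenever this request itself arrived over HTTPS.
        $isHttps = !empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] !== 'off';

        // HttpOnly keeps the authentication cookies out of reach of page scripts.
        // NOTE(review): the cookie carries the stored `token` column as-is; whether
        // it is rotated on login or logout is not visible in this file. Consider
        // adding SameSite once the minimum PHP version allows the options form.
        setcookie('token', $user['token'], $expires, '/', '', $isHttps, true);
        setcookie('id', $user['id'], $expires, '/', '', $isHttps, true);
        Core::go('/');
    }
}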
// Login form fields, appended to $elements in display order:
// login input, password input, submit button.
foreach ([
    [
        'type' => 'input',
        'title' => Lang::word('Логин'),
        'br' => 1,
        'info' => ['name' => 'login'],
    ],
    [
        'type' => 'password',
        'title' => Lang::word('Пароль'),
        'br' => 1,
        'info' => ['name' => 'password'],
    ],
    [
        'type' => 'submit',
        'info' => [
            'name' => 'submit',
            'value' => Lang::word('Войти'),
        ],
    ],
] as $fieldDefinition)
{
    $elements[] = $fieldDefinition;
}
// Do not leave the loop variable behind in the script's scope.
unset($fieldDefinition);
// Render the page: error output first, then the form, then the footer.
// NOTE(review): Core::show('error') presumably prints $error when it is set.
// Confirm against Core, which is defined elsewhere.
Core::show('error');

// Variables handed to form.tpl: the form posts back to this same URL ('?').
$formVariables = [
    'method' => 'POST',
    'action' => '?',
    'el' => $elements,
];
$smarty->assign($formVariables);

$smarty->display('form.tpl');
$smarty->footer();