Açıklama Yok

login.php 1.9KB

12345678910111213141516171819202122232425262728293031323334353637383940414243444546474849505152535455565758596061626364656667686970717273747576
  1. <?php
  2. header('Content-type: application/json');
  3. if ($_SERVER["REQUEST_METHOD"] == "POST") {
  4. # Gets json from POST
  5. $json = json_decode(file_get_contents('php://input'), true);
  6. # Input validation for username y password
  7. $correo = $json["correo"];
  8. $password = $json["password"];
  9. if(strlen($correo) == 0 or strlen($password) == 0){
  10. http_response_code(400);
  11. echo json_encode(array("error" => "Correo o password vacio."));
  12. exit();
  13. }
  14. include 'db.php';
  15. # Select username row
  16. $sql = "SELECT userid, hash FROM Login WHERE correo = '".$correo."'";
  17. $result = $conn->query($sql);
  18. if($result === FALSE){
  19. http_response_code(500);
  20. echo json_encode(array("error" => "Error de base de datos 1."));
  21. $conn->close();
  22. exit();
  23. }
  24. if($result->num_rows){
  25. # Grabs password hash
  26. $result = $result->fetch_assoc();
  27. $hash = $result["hash"];
  28. $userid = $result["userid"];
  29. } else {
  30. http_response_code(401);
  31. echo json_encode(array("error" => "Correo o password incorrecto."));
  32. $conn->close();
  33. exit();
  34. }
  35. # Verifies password
  36. if(!password_verify($password, $hash)){
  37. $conn->close();
  38. http_response_code(401);
  39. echo json_encode(array("error" => "Correo o password incorrecto."));
  40. exit();
  41. }
  42. $token = bin2hex(random_bytes(16));
  43. # Insert Token
  44. $sql = "INSERT INTO Token (token, userid) VALUES (\"".$token."\", ".$userid.") ON DUPLICATE KEY UPDATE token = \"".$token."\";";
  45. if($conn->query($sql) === FALSE){
  46. http_response_code(500);
  47. echo json_encode(array("error" => "Error de base de datos 2."));
  48. $conn->close();
  49. exit();
  50. }
  51. http_response_code(200);
  52. echo json_encode(array("token" => $token));
  53. } else {
  54. header($_SERVER["SERVER_PROTOCOL"]." 405 Method Not Allowed", true, 405);
  55. exit();
  56. }
  57. ?>