Diffstat (limited to 'user/login.php')
-rw-r--r--user/login.php9
1 files changed, 7 insertions, 2 deletions
diff --git a/user/login.php b/user/login.php
index a927d02..7a25d38 100644
--- a/user/login.php
+++ b/user/login.php
@@ -4,13 +4,18 @@ require_once(TEMPLATES_PATH . "/header.php");
session_start();
$conn = new PDO($config['db']['dsn'], $config['db']['username'], $config['db']['password']);
-$query = "SELECT id, username, password FROM users WHERE username = '$_POST[username]'";
-$result = $conn->query($query)->fetch();
+$query = $conn->prepare("SELECT id, username, password, can_edit_bugs, can_edit_reports
+ FROM users WHERE username=:username");
+$query->bindParam(':username', $_POST['username']);
+$query->execute();
+$result = $query->fetch();
if(password_verify($_POST['password'], $result['password'])) {
echo 'password verified';
$_SESSION['user_name'] = $result['username'];
$_SESSION['user_id'] = $result['id'];
+ $_SESSION['user_can_edit_bugs'] = $result['can_edit_bugs'];
+ $_SESSION['user_can_edit_reports'] = $result['can_edit_reports'];
} else {
echo 'wrong password';
}