Diffstat (limited to 'user/login.php')
-rw-r--r-- | user/login.php | 9 |
1 files changed, 7 insertions, 2 deletions
diff --git a/user/login.php b/user/login.php
index a927d02..7a25d38 100644
--- a/user/login.php
+++ b/user/login.php
@@ -4,13 +4,18 @@ require_once(TEMPLATES_PATH . "/header.php");
 session_start();
 $conn = new PDO($config['db']['dsn'], $config['db']['username'], $config['db']['password']);
-$query = "SELECT id, username, password FROM users WHERE username = '$_POST[username]'";
-$result = $conn->query($query)->fetch();
+$query = $conn->prepare("SELECT id, username, password, can_edit_bugs, can_edit_reports
+ FROM users WHERE username=:username");
+$query->bindParam(':username', $_POST['username']);
+$query->execute();
+$result = $query->fetch();
 if(password_verify($_POST['password'], $result['password'])) {
 echo 'password verified';
 $_SESSION['user_name'] = $result['username'];
 $_SESSION['user_id'] = $result['id'];
+ $_SESSION['user_can_edit_bugs'] = $result['can_edit_bugs'];
+ $_SESSION['user_can_edit_reports'] = $result['can_edit_reports'];
 } else {
 echo 'wrong password';
 }
 |
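Review bot: The success branch stores the new `user_can_edit_bugs` and `user_can_edit_reports` flags under whatever session ID the client arrived with, so an identifier issued before login stays valid after authentication and now carries edit privileges; calling `session_regenerate_id(true);` as the first statement of that branch would close this. Separately, `$query->fetch()` returns `false` when no row matches the username, and the condition then reads `$result['password']` from a boolean; `if ($result !== false && password_verify($_POST['password'], $result['password'])) {` makes the unknown-user path explicit while still answering 'wrong password'. Because the two flags are copied once at login, a later change to the user's row presumably does not take effect until the session ends, which deserves a comment next to the assignments. The script may continue past the end of the hunk, so handling done further down could not be checked.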