<?php
require_once('config.php');
require_once('sanitize.php');
session_cache_limiter ('private, must-revalidate');
$cache_limit = session_cache_limiter();
session_cache_expire(30);
$cache_expire = session_cache_expire();
session_start();
$server_self = $_SERVER['PHP_SELF'];
$self_page = trim(strrchr($server_self, "/"), "/");
if (!empty($_POST["email"]) || !empty($_POST["password"])) {
$user_mail = sanitize($_POST['email']);
$password = hash('whirlpool', sanitize($_POST['password']));
$user_result = $db_connection->prepare('SELECT user_password FROM photoblog_user WHERE user_mail = ?;');
$user_result->execute(array($user_mail));
$password_check = $user_result->fetch(PDO::FETCH_ASSOC);
if ($password == $password_check["user_password"]) {
$temporal_key = hash('whirlpool', $password.mt_rand(1000,2800).$user_mail);
$_SESSION["temporal_hash"] = $temporal_key;
$temporal_user_db = $db_connection->prepare('UPDATE photoblog_user SET user_temporal = ? WHERE user_mail = ?;');
$temporal_user_db->execute(array($temporal_key,$user_mail));
exit(header('Location: administrator.php'));
} else {
exit(header('Location: index.php'));
}
if (!isset($set_pass)) {
exit(header('Location: index.php'));
}
} else if (!empty($_SESSION["temporal_hash"])) {
$temporal_key_session = sanitize($_SESSION["temporal_hash"]);
$temporal_key_query = $db_connection->prepare('SELECT user_id, user_temporal FROM photoblog_user WHERE user_temporal = ?;');
$temporal_key_query->execute(array($temporal_key_session));
$temporal_data = $temporal_key_query->fetch(PDO::FETCH_ASSOC);
if ($temporal_key_session == $temporal_data["user_temporal"]) {
$logged_user_id = $temporal_data["user_id"];
$temporal_key = $temporal_data["user_temporal"];
$_SESSION["temporal_hash"] = $temporal_key;
if ($self_page == 'index.php') {
exit(header('Location: administrator.php'));
}
} else {
exit(header('Location: index.php'));
}
} else if ($self_page == 'administrator.php' && empty($_SESSION["temporal_hash"])) {
exit(header('Location: index.php'));
}
?>