added login and logout

2023-03-15 14:52:33 +01:00
parent 2cac897f45
commit 73de1024a2
3 changed files with 62 additions and 1 deletions
--- a/login.php
+++ b/login.php
@@ -23,12 +23,14 @@
    }
    //$2y$10$yJMyDzprPAyf3rBnClqQ3O3poVb5w8gg2KcmZ10DVbTWSzgXeU.Ju
    //65de59ea345a79fb01174fb34a930d95
+    session_start();

    include 'db_connection.php';
    $conn = openCon();
        mysqli_set_charset($conn, "utf8");
        $data = json_decode(file_get_contents("php://input"),true);

+
        $email =  $data["email"];  //"example@email.email";
        $pass = $data["pass"];   //"hasło135$";

@@ -46,8 +48,12 @@
            else return false;
        };
        if(isset($answ["salt"]) && checkPassword($pass, $answ["salt"], $answ["hash"])){
+            $_SESSION["email"] = $email;
            echo json_encode(true);
        }
-        else echo json_encode(false);
+        else {
+            $_SESSION["email"] = null;
+            echo json_encode(false);
+        }
    closeCon($conn);
 ?>
--- a/logout.php
+++ b/logout.php
@@ -0,0 +1,27 @@
+<?php
+    
+    // Allow from any origin
+    if (isset($_SERVER['HTTP_ORIGIN'])) {
+        // Decide if the origin in $_SERVER['HTTP_ORIGIN'] is one
+        // you want to allow, and if so:
+        header("Access-Control-Allow-Origin: {$_SERVER['HTTP_ORIGIN']}");
+        header('Access-Control-Allow-Credentials: true');
+        header('Access-Control-Max-Age: 86400');    // cache for 1 day
+    }
+    
+    // Access-Control headers are received during OPTIONS requests
+    if ($_SERVER['REQUEST_METHOD'] == 'OPTIONS') {
+        
+        if (isset($_SERVER['HTTP_ACCESS_CONTROL_REQUEST_METHOD']))
+            // may also be using PUT, PATCH, HEAD etc
+            header("Access-Control-Allow-Methods: GET, POST, OPTIONS");
+        
+        if (isset($_SERVER['HTTP_ACCESS_CONTROL_REQUEST_HEADERS']))
+            header("Access-Control-Allow-Headers: {$_SERVER['HTTP_ACCESS_CONTROL_REQUEST_HEADERS']}");
+    
+        exit(0);
+    }
+
+    session_start();
+    unset_($_SESSION["email"]);
+?>
--- a/start.php
+++ b/start.php
@@ -0,0 +1,28 @@
+<?php
+    
+    // Allow from any origin
+    if (isset($_SERVER['HTTP_ORIGIN'])) {
+        // Decide if the origin in $_SERVER['HTTP_ORIGIN'] is one
+        // you want to allow, and if so:
+        header("Access-Control-Allow-Origin: {$_SERVER['HTTP_ORIGIN']}");
+        header('Access-Control-Allow-Credentials: true');
+        header('Access-Control-Max-Age: 86400');    // cache for 1 day
+    }
+    
+    // Access-Control headers are received during OPTIONS requests
+    if ($_SERVER['REQUEST_METHOD'] == 'OPTIONS') {
+        
+        if (isset($_SERVER['HTTP_ACCESS_CONTROL_REQUEST_METHOD']))
+            // may also be using PUT, PATCH, HEAD etc
+            header("Access-Control-Allow-Methods: GET, POST, OPTIONS");
+        
+        if (isset($_SERVER['HTTP_ACCESS_CONTROL_REQUEST_HEADERS']))
+            header("Access-Control-Allow-Headers: {$_SERVER['HTTP_ACCESS_CONTROL_REQUEST_HEADERS']}");
+    
+        exit(0);
+    }
+
+    session_start();
+    if(!isset($_SESSION["email"])) echo json_encode(false);
+    else echo json_encode(true);
+?>