<?php
include 'config.php';
include 'session-service.php';
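// Login endpoint: validates the POSTed credentials against users.csv and, on a
// match, opens a session via login() and returns the user record as JSON.
// NOTE(review): no Content-Type header is set in the visible code, and the
// response echoes the submitted account name — confirm that config.php (or the
// server) declares application/json.

// checkRequest() yields true when the request is acceptable; any other value is
// passed back to the client as the error message.
$validation = checkRequest(['accountname', 'password']);
if ($validation !== true) {
    $payload = [
        'success' => false,
        'message' => $validation,
    ];
    http_response_code(400);
    exit(json_encode($payload));
}

$submittedAccount = $_POST['accountname'];
$submittedPassword = $_POST['password'];

// Read at most 128 bytes of the salt file and open the user list. Both results
// are checked: an unchecked failed fopen() would otherwise end in a TypeError
// (PHP 8) or an endless feof() loop (PHP 7).
$salt = file_get_contents($assetsDir.'/salt', false, null, 0, 128);
$users = fopen($assetsDir.'/users.csv', 'r');
if ($salt === false || $users === false) {
    if ($users !== false) {
        fclose($users);
    }
    http_response_code(500);
    exit(json_encode([
        'success' => false,
        'message' => 'Interner Serverfehler.',
    ]));
}

// Array-valued fields (e.g. "password[]=x") can never match a stored record and
// would make hash() throw, so only string credentials reach the lookup.
if (is_string($submittedAccount) && is_string($submittedPassword)) {
    // NOTE(review): the third parameter of hash() is the boolean $binary flag,
    // not a salt. $salt is therefore NOT mixed into the digest; a non-empty
    // value only switches the output to raw bytes. The call is kept unchanged
    // because the stored digests depend on it. SHA-512 is also a fast hash:
    // plan a migration to password_hash()/password_verify(), re-hashing each
    // record on the next successful login.
    // The digest is computed once, before the scan, so the work done does not
    // depend on whether the account name exists.
    $submittedHash = hash('sha512', $submittedPassword, $salt);

    // fgetcsv() returns false at end of file; testing its result (instead of
    // feof()) avoids processing a bogus trailing record.
    while (($user = fgetcsv($users)) !== false) {
        // Blank lines come back as [null]; skip rows without name and digest.
        if (!isset($user[0], $user[1])) {
            continue;
        }

        // Strict comparison for the name (loose == treats numeric strings such
        // as "007" and "7" as equal) and a constant-time comparison for the
        // digest.
        if ($user[0] === $submittedAccount && hash_equals($user[1], $submittedHash)) {
            fclose($users);

            $sessionID = login($submittedAccount);
            $payload = [
                'success' => true,
                'user' => [
                    'accountname' => $user[0],
                    'nickname' => $user[2] ?? null,
                    'email' => $user[3] ?? null,
                    'status' => $user[4] ?? null,
                    'sessionId' => $sessionID,
                ],
            ];
            // A falsy session id is reported as "already logged in"; 'success'
            // stays true in both cases, as before.
            if ($sessionID) {
                $payload['message'] = 'Angemeldet mit '.$submittedAccount;
            } else {
                $payload['message'] = 'Account '.$submittedAccount.' ist bereits angemeldet';
            }
            exit(json_encode($payload));
        }
    }
}
fclose($users);

// No record matched. The message deliberately does not say whether the account
// name or the password was wrong. The code that sends this payload is not
// visible in this part of the file.
$payload = [
    'success' => false,
    'message' => 'Account oder Passwort nicht gefunden.',
];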