46 lines
1.5 KiB
PHP
46 lines
1.5 KiB
PHP
<?php session_start();
|
|
$db_link = mysqli_connect('localhost', 'web_b-3', 'een7Ao6s', 'bibliothek_candle', '3306');
|
|
|
|
function runSQL($sql){
|
|
global $db_link;
|
|
$db_res = mysqli_query($db_link, $sql);
|
|
if(!$db_res){
|
|
header("Location: 404.html");
|
|
exit;
|
|
}
|
|
return $db_res;
|
|
}
|
|
|
|
if(isset($_POST['submit'])){
|
|
$kartenid = $_POST['karten-id'];
|
|
$passwort = $_POST['password'];
|
|
|
|
$existiert = runSQL("SELECT COUNT(*) FROM `benutzer` WHERE `KartenID` = '$kartenid' and `Passwort` = '$passwort'");
|
|
$row = mysqli_fetch_array($existiert);
|
|
$karteexistiert = runSQL("SELECT COUNT(*) FROM `benutzer` WHERE `KartenID` = '$kartenid'");
|
|
$zeile = mysqli_fetch_array($karteexistiert);
|
|
if($row['COUNT(*)'] > 0){
|
|
$_SESSION['eingeloggt'] = 1;
|
|
if(!isset($_SESSION['userID'])){
|
|
$sql = $db_link->prepare("SELECT benutzer.BenutzerID FROM benutzer WHERE benutzer.KartenID = ?;");
|
|
$sql->bind_param("i", $kartenid);
|
|
$sql->execute();
|
|
$result = $sql->get_result();
|
|
if (mysqli_num_rows($result) > 0) {
|
|
while ($row = mysqli_fetch_assoc($result)) {
|
|
$_SESSION['userID'] = $row['BenutzerID'];
|
|
}
|
|
}
|
|
}
|
|
header("Location: meinebuecher.php");
|
|
}else if($zeile['COUNT(*)'] > 0){
|
|
header("Location: passwort_stimmt_nicht.php");
|
|
}else{
|
|
header("Location: benutzer_existiert_nicht.php");
|
|
}
|
|
|
|
}else{
|
|
header("Location: 404.html");
|
|
}
|
|
|
|
?>
|