OpenShorte.old/lib/php/login.php

<?php
    if ( isset ( $_SESSION [ 'user_id' ] ) ) {
        header ( "Location: " . substr ( $_SERVER [ 'SCRIPT_NAME' ], 0, -10 ) . "/insert" );
        exit;
    }
    if ( isset ( $request [ 1 ] ) && $request [ 1 ] == "forgot" ) {
        include ( $config [ 'installation_path' ] . '/lib/php/forgot.php' );
        exit;
    }
    if ( isset ( $_POST [ 'username' ] ) && isset ( $_POST [ 'password' ] ) ) {
        $username = $_POST [ 'username' ];
        $password = $_POST [ 'password' ];
        $database = new Database ( $config [ 'db' ] );
        $database->connect ( );
        $database->prepare ( "SELECT users.id FROM users WHERE users.username = ? AND users.password = ?" );
        $parameters = [
            [ "ss" ],
            [ &$username, &$password ],
        ];
        $database->bind ( $parameters );
        $database->execute ( );
        $result = $database->get_result ( );
        $row = $result->fetch_assoc ( );
        if ( ! $row ) {
            header ( 'Content-Type: application/json' );
            http_response_code ( 401 );
            $response = [
                'status' => 401,
                'error_message' => 'Username or password not correct.',
            ];
            echo ( json_encode ( $response ) );
            exit;
        }
        else {
            $_SESSION [ 'user_id' ] = $row [ 'id' ];
            header ( 'Content-Type: application/json' );
            $response = [
                'status' => 200,
                'message' => 'Authentication succesfully executed.',
            ];
            echo ( json_encode ( $response ) );
            exit;
        }
    }
    else {
?>
<!DOCTYPE html>
<html>
    <head>
        <title>BJPHoster URL Shortener | Login</title>
        <link href="https://maxcdn.bootstrapcdn.com/bootstrap/4.1.1/css/bootstrap.min.css" rel="stylesheet">
        <link href="<?=substr($_SERVER['SCRIPT_NAME'],0,-10)?>/lib/css/login.css" rel="stylesheet">
        <link href="<?=substr($_SERVER['SCRIPT_NAME'],0,-10)?>/favicon.ico" rel="icon" type="image/x-icon">
    </head>
    <body>
    <div class="container login-container">
        <div class="row">
            <div class="col-md-6 login-form-1">
                <h3>Login</h3>
                <form>
                    <div class="form-group">
                        <input type="text" class="form-control" placeholder="Username" value="" id="form-username" />
                    </div>
                    <div class="form-group">
                        <input type="password" class="form-control" placeholder="Password" value="" id="form-password" />
                    </div>
                    <div class="form-group">
                        <input type="button" class="btnSubmit" value="Login" onclick="login()" />
                    </div>
                    <div class="form-group">
                        <a href="<?=substr($_SERVER[ 'SCRIPT_NAME' ],0,-10)."/login/forgot"?>" class="ForgetPwd">Forgot Password?</a>
                    </div>
                </form>
            </div>
        </div>
        <script src="https://maxcdn.bootstrapcdn.com/bootstrap/4.1.1/js/bootstrap.min.js"></script>
        <script src="https://cdnjs.cloudflare.com/ajax/libs/jquery/3.2.1/jquery.min.js"></script>
        <script src="<?=substr($_SERVER['SCRIPT_NAME'],0,-10)?>/lib/js/sha512.min.js"></script>
        <script src="<?=substr($_SERVER['SCRIPT_NAME'],0,-10)?>/lib/js/login.js"></script>
        <script>var script_name = "<?=substr($_SERVER['SCRIPT_NAME'],0,-10)?>";</script>
    </body>
</html>
<?php
    }