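<?php

declare(strict_types=1);

require_once "../db/connect.php";

// Login endpoint.
//
// Reads username/password from a POST, checks them against the `user` table
// and, on success, stores the identity plus the most recently assigned role in
// the session. AJAX callers (X-Requested-With: XMLHttpRequest) receive a JSON
// body; plain form posts are redirected back to index.php.
//
// Security changes versus the original version of this file:
//   * the password is no longer compared inside the SQL WHERE clause; it is
//     checked in PHP with password_verify() (constant-time fallback for rows
//     still stored in clear, see below);
//   * the session id is rotated on successful login (session fixation);
//   * session cookie flags are set explicitly;
//   * the JSON body is no longer echoed before a Location header, which made
//     the non-AJAX redirect depend on output buffering being enabled.

// Session cookie hardening belongs here because this is where the session
// becomes authenticated. HttpOnly keeps the id away from script, SameSite=Lax
// blocks most cross-site POSTs (a partial login-CSRF mitigation; a per-form
// token would be the full one), use_strict_mode refuses ids the server never
// issued. `secure` follows the scheme actually in use so a plain-HTTP dev
// setup still works. (`cookie_samesite` needs PHP >= 7.3; older versions
// only warn about the unknown option.)
session_start([
    'cookie_httponly' => true,
    'cookie_samesite' => 'Lax',
    'cookie_secure'   => isset($_SERVER['HTTPS']) && $_SERVER['HTTPS'] !== '' && $_SERVER['HTTPS'] !== 'off',
    'use_strict_mode' => true,
]);

header('Content-Type: application/json');
// Neither the credentials nor the outcome of a login may be served from a cache.
header('Cache-Control: no-store');

// --- Input ---------------------------------------------------------------
// is_string() guards against `username[]=` style input: trim() on an array
// throws a TypeError (strict types or not) and would turn into a 500.
$username = isset($_POST['username']) && is_string($_POST['username'])
    ? trim($_POST['username'])
    : '';
// NOTE(review): trimming the password silently alters passwords that start or
// end with whitespace; kept because the original did it and stored passwords
// may have been trimmed the same way on registration.
$password = isset($_POST['password']) && is_string($_POST['password'])
    ? trim($_POST['password'])
    : '';
$isAjax = isset($_SERVER['HTTP_X_REQUESTED_WITH'])
    && $_SERVER['HTTP_X_REQUESTED_WITH'] === 'XMLHttpRequest';

// --- Authentication ------------------------------------------------------
// `descrizione` holds the username/email. The stored password is fetched and
// verified in PHP rather than matched in SQL so that hashed values can be
// checked with password_verify(). The join also returns the latest assigned
// role (`permission`), if any.
$sql = "SELECT u.user_id, u.descrizione, u.password, r.id AS role_id, r.name AS role_name
        FROM `user` u
        LEFT JOIN `permission` p ON p.user_id = u.user_id
        LEFT JOIN `role` r ON r.id = p.role
        WHERE u.descrizione = ?
        ORDER BY p.data DESC LIMIT 1";

// Outcome of the request; every branch below sets $resp, and only a verified
// login flips $loggedIn (the redirect at the end keys off that, not off a
// possibly pre-existing $_SESSION['user_id']).
$resp = ['status' => 'error', 'message' => 'Errore interno'];
$loggedIn = false;

if (($_SERVER['REQUEST_METHOD'] ?? 'GET') !== 'POST') {
    // Credentials in a query string end up in access logs and browser history.
    http_response_code(405);
    header('Allow: POST');
    $resp = ['status' => 'error', 'message' => 'Metodo non consentito'];
} elseif ($username === '' || $password === '') {
    $resp = ['status' => 'error', 'message' => 'Inserire username e password'];
} else {
    $stmt = mysqli_prepare($conn, $sql);
    if ($stmt !== false) {
        mysqli_stmt_bind_param($stmt, 's', $username);

        $row = null; // stays null when the user does not exist
        if (mysqli_stmt_execute($stmt)) {
            $result = mysqli_stmt_get_result($stmt);
            if ($result !== false) {
                $row = mysqli_fetch_assoc($result);
            }
        }
        mysqli_stmt_close($stmt);

        $stored = (is_array($row) && is_string($row['password'] ?? null)) ? $row['password'] : null;

        if ($stored === null) {
            // Unknown user: still pay for one password_verify() so the response
            // time does not reveal which usernames exist.
            password_verify($password, password_hash('dummy', PASSWORD_DEFAULT));
            $verified = false;
        } elseif (password_get_info($stored)['algoName'] !== 'unknown') {
            // Row already holds a password_hash() value.
            $verified = password_verify($password, $stored);
        } else {
            // Legacy row whose password is still stored in clear (the original
            // version of this file compared it directly in SQL). hash_equals()
            // keeps the comparison constant-time.
            // TODO(security): migrate these rows to password_hash() values (the
            // column must be wide enough for the hash, 60 chars for bcrypt,
            // 255 recommended) and delete this branch; until then the `user`
            // table is a plaintext password store.
            $verified = hash_equals($stored, $password);
        }

        if ($verified) {
            $roleId = $row['role_id'] ?? null;
            $roleName = $row['role_name'] ?? null;

            // No permission row assigned yet: fall back to the plain user role.
            if (!$roleId || !$roleName) {
                $roleId = 3; // utente
                $roleName = 'utente';
            }

            // Rotate the session id at the privilege boundary so an id an
            // attacker planted before login (session fixation) does not become
            // an authenticated session; `true` discards the old session file.
            session_regenerate_id(true);

            $_SESSION['user_id'] = (int)$row['user_id'];
            $_SESSION['username'] = $row['descrizione'];
            $_SESSION['role_id'] = (int)$roleId;
            $_SESSION['role_name'] = $roleName;

            $loggedIn = true;
            $resp = ['status' => 'ok', 'role' => $roleName];
        } else {
            // Same message whether the user is missing or the password is
            // wrong, to avoid username enumeration.
            // NOTE(review): there is no lockout or rate limit here; add one
            // (per account and per source IP) before exposing this endpoint
            // to untrusted networks.
            $resp = ['status' => 'error', 'message' => 'Credenziali non valide'];
        }
    }
}

// --- Output --------------------------------------------------------------
// Single output stage: AJAX callers read the JSON; browser form posts are
// redirected (compatibility with the non-AJAX login form). The JSON must not
// be echoed before header('Location: ...'), otherwise the redirect only works
// when output buffering happens to be enabled.
if ($isAjax) {
    echo json_encode($resp);
} elseif ($loggedIn) {
    header('Location: ../../index.php');
} else {
    header('Location: ../../index.php?login=failed');
}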
|