| author | ilotterytea <iltsu@alright.party> | 2025-05-06 00:56:04 +0500 |
|---|---|---|
| committer | ilotterytea <iltsu@alright.party> | 2025-05-06 01:02:22 +0500 |
| commit | 7cc2534f9183bb3116b19ffca52789f1f50900f7 (patch) | |
| tree | a03b240d83b03e3d925061640fdc90084c2c4b18 /public/account/login | |
| parent | 91efe9a465df0a6647fbb0f7c5643be89cdcc7e1 (diff) | |
feat: account registration and login
Diffstat (limited to 'public/account/login')
| -rw-r--r-- | public/account/login/index.php | 80 | ||||
| -rw-r--r-- | public/account/login/twitch.php | 2 |
2 files changed, 67 insertions, 15 deletions
diff --git a/public/account/login/index.php b/public/account/login/index.php index 4eb37ae..7c562d1 100644 --- a/public/account/login/index.php +++ b/public/account/login/index.php @@ -1,16 +1,44 @@ <?php include "../../../src/accounts.php"; -authorize_user(); + +if (authorize_user()) { + header("Location: /account"); + exit; +} include "../../../src/partials.php"; include_once "../../../src/config.php"; include_once "../../../src/alert.php"; +include_once "../../../src/utils.php"; -if (!ACCOUNT_REGISTRATION_ENABLE) { - generate_alert("/404.php", "Account registration is disabled", 403); - exit; -} +if ($_SERVER["REQUEST_METHOD"] == "POST") { + if (!isset($_POST["username"], $_POST["password"])) { + generate_alert("/account/login", "Not enough POST fields"); + exit; + } + $username = $_POST["username"]; + $password = $_POST["password"]; + $remember = intval($_POST["remember"] ?? "0") != 0; + + $db = new PDO(DB_URL, DB_USER, DB_PASS); + $stmt = $db->prepare("SELECT secret_key, password FROM users WHERE username = ? AND password IS NOT NULL"); + $stmt->execute([$username]); + + if ($row = $stmt->fetch()) { + if (password_verify($password, $row["password"])) { + setcookie("secret_key", $row["secret_key"], $remember ? (time() + ACCOUNT_COOKIE_MAX_LIFETIME) : 0, "/"); + header("Location: /account"); + exit; + } else { + generate_alert("/account/login", "Passwords do not match!", 403); + exit; + } + } else { + generate_alert("/account/login", "User not found or is not accessable", 404); + exit; + } +} ?> <html> 
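Review bot: The new `setcookie("secret_key", ...)` call in the POST branch issues the account's bearer credential without `Secure`, `HttpOnly` or `SameSite`, so it can be read by any script running on the site and is sent over plain HTTP; the `setcookie` line in the twitch.php hunk has the same gap. Assuming the instance is served over HTTPS and no client script needs the value, use the options-array form: `setcookie("secret_key", $row["secret_key"], ["expires" => $remember ? time() + ACCOUNT_COOKIE_MAX_LIFETIME : 0, "path" => "/", "secure" => true, "httponly" => true, "samesite" => "Lax"]);`. The two failure branches also answer differently (`"Passwords do not match!"` with 403 versus `"User not found or is not accessable"` with 404), which tells a caller whether a username exists; a single generic message and status for both would avoid that. `$_POST["username"]` and `$_POST["password"]` are only checked with `isset()`, so an `is_string()` check before the query and `password_verify()` would reject array-valued fields cleanly.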
@@ -25,21 +53,45 @@ if (!ACCOUNT_REGISTRATION_ENABLE) { <div class="container"> <div class="wrapper"> <?php html_navigation_bar(); ?> - - <section class="content"> - <section class="box" style="width: 400px;"> + <section class="content" style="width: 400px;"> + <?php display_alert() ?> + <section class="box"> <div class="box navtab"> <p>Log in to <?php echo INSTANCE_NAME ?></p> </div> <div class="box content"> - <?php if (TWITCH_REGISTRATION_ENABLE): ?> - <form action="/account/login/twitch.php" method="GET"> - <button type="submit" class="purple" style="padding:8px 24px; font-size: 18px;">Login with - Twitch</button> - </form> - <?php endif; ?> + <form action="/account/login" method="post"> + <div> + <label for="username">Username</label> + <input type="text" name="username" id="form-username" required> + </div> + <div> + <label for="password">Password</label> + <input type="password" name="password" id="form-password" required> + </div> + <div> + <input type="checkbox" name="remember" value="1" id="form-remember"> + <label for="remember" class="inline">Remember me</label> + </div> + <div> + <button type="submit">Log in</button> + <?php if (ACCOUNT_REGISTRATION_ENABLE): ?> + <a href="/account/register.php">Register</a> + <?php endif; ?> + </div> + </form> </div> </section> + + <?php if (TWITCH_REGISTRATION_ENABLE): ?> + <section class="box column"> + <a href="/account/login/twitch.php" class="button purple" + style="padding:8px 24px; font-size: 18px;">Login with Twitch</a> + <p style="font-size: 12px;">Logging in via Twitch gives you the ability to use + <?php echo INSTANCE_NAME ?> emotes in your Twitch chat. + </p> + </section> + <?php endif; ?> </section> </div> </div> diff --git a/public/account/login/twitch.php b/public/account/login/twitch.php index 05093cd..e3fe57a 100644 --- a/public/account/login/twitch.php +++ b/public/account/login/twitch.php 
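Review bot: The `for` attributes on the new labels do not match the input ids (`for="username"` against `id="form-username"`, and likewise for password and remember), so the labels are not associated with their fields; they should read `for="form-username"`, `for="form-password"` and `for="form-remember"`. The form also carries no anti-CSRF token and the POST handler in the first hunk does not check one, which leaves login CSRF open unless that is handled elsewhere in the project. Adding `autocomplete="username"` and `autocomplete="current-password"` to the two inputs would help password managers fill the right fields.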
@@ -129,7 +129,7 @@ if ($row = $stmt->fetch()) { $_SESSION["user_id"] = $user_id; $_SESSION["user_name"] = $user_name; -setcookie("secret_key", $user_secret_key, time() + 86400 * 30, "/"); +setcookie("secret_key", $user_secret_key, time() + ACCOUNT_COOKIE_MAX_LIFETIME, "/"); $db = null; |
