File manager - Edit - /home/pack/api/login.php
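<?php
/**
 * API: Login
 * URL: https://pack.iot-cm.com/api/login.php
 * Method: POST
 * Return: JSON
 *
 * Reads `username` and `password` from a form-encoded POST body or, when
 * $_POST is empty, from a JSON request body. Looks the user up in the `users`
 * table and answers with {"status":"ok","user":{...}} on success or
 * {"status":"error","message":"..."} on failure.
 *
 * Relies on ../config.php to provide $conn (used here as a mysqli connection).
 */

error_reporting(E_ALL);
// Errors are logged, never displayed: a displayed warning would corrupt the
// JSON body and disclose file paths and query details to the caller.
ini_set('display_errors', '0');
ini_set('log_errors', '1');

require_once "../config.php";

header("Content-Type: application/json; charset=utf-8");

/* -----------------------------
   Allow only POST
------------------------------ */
if ($_SERVER['REQUEST_METHOD'] !== 'POST') {
    http_response_code(405);
    echo json_encode([
        "status"  => "error",
        "message" => "Method not allowed"
    ]);
    exit;
}

/* -----------------------------
   Read Input (form or JSON body)
------------------------------ */
$raw  = file_get_contents("php://input");
$json = json_decode($raw === false ? '' : $raw, true);

// Returns the trimmed field, or '' when it is absent or not a scalar.
// A non-scalar value (e.g. `username[]=x`) would otherwise reach trim() and
// raise a warning on PHP 7 or a TypeError on PHP 8.
$readField = static function (array $source, string $key): string {
    $value = $source[$key] ?? '';
    return is_scalar($value) ? trim((string) $value) : '';
};

$username = '';
$password = '';

if (!empty($_POST)) {
    $username = $readField($_POST, 'username');
    $password = $readField($_POST, 'password');
} elseif (is_array($json)) {
    $username = $readField($json, 'username');
    $password = $readField($json, 'password');
}
// NOTE(review): the password is trimmed because the stored hashes were
// presumably created from trimmed input; confirm before changing this.

if ($username === '' || $password === '') {
    // The request body is deliberately not echoed back: it can contain the
    // submitted password, which would then land in client logs and proxies.
    echo json_encode([
        "status"  => "error",
        "message" => "Username or password missing"
    ]);
    exit;
}

/* -----------------------------
   Hash Password (SHA256)
------------------------------ */
// SECURITY: unsalted, single-round SHA-256 is not a password hashing scheme.
// It is fast to brute-force offline and identical passwords share a hash.
// It is kept here only because the existing rows in users.password_hash use
// this format. Migrate to password_hash() / password_verify() (with
// password_needs_rehash() for a transparent upgrade at login).
$hash = hash("sha256", $password);

/* -----------------------------
   Query User
------------------------------ */
$stmt = $conn->prepare("
    SELECT id, username, fullname, role, line_user_id
    FROM users
    WHERE username = ?
      AND password_hash = ?
    LIMIT 1
");

if (!$stmt) {
    // Driver error text stays in the server log; the client gets a generic
    // message so schema and query details are not disclosed.
    error_log("login.php: prepare failed: " . $conn->error);
    http_response_code(500);
    echo json_encode([
        "status"  => "error",
        "message" => "Internal server error"
    ]);
    exit;
}

$stmt->bind_param("ss", $username, $hash);

// get_result() returns false on failure; check before calling fetch_assoc().
$result = $stmt->execute() ? $stmt->get_result() : false;
if ($result === false) {
    error_log("login.php: query failed: " . $stmt->error);
    $stmt->close();
    http_response_code(500);
    echo json_encode([
        "status"  => "error",
        "message" => "Internal server error"
    ]);
    exit;
}

$user = $result->fetch_assoc();
$stmt->close();

/* -----------------------------
   Check Result
------------------------------ */
if (!$user) {
    // Same message for unknown user and wrong password, so the response does
    // not reveal which usernames exist.
    // NOTE(review): no attempt throttling or lockout is visible in this file;
    // confirm that rate limiting is enforced elsewhere (web server, WAF, config.php).
    echo json_encode([
        "status"  => "error",
        "message" => "Invalid username or password"
    ]);
    exit;
}

/* -----------------------------
   (Optional) Create Session
------------------------------ */
// This file never calls session_start(); the session is assumed to be started
// in config.php. If it is not, the assignments below are not persisted.
if (session_status() === PHP_SESSION_ACTIVE) {
    // Issue a fresh session id on privilege change to prevent session fixation.
    session_regenerate_id(true);
}

$_SESSION['uid']      = $user['id'];
$_SESSION['username'] = $user['username'];
$_SESSION['role']     = $user['role'];

/* -----------------------------
   Response
------------------------------ */
echo json_encode([
    "status" => "ok",
    "user"   => [
        "id"         => (int) $user['id'],
        "username"   => $user['username'],
        "fullname"   => $user['fullname'],
        "role"       => $user['role'],
        "line_bound" => !empty($user['line_user_id'])
    ]
]);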