2026-01-19 08:35:00 +03:00
|
|
|
|
<?php
|
|
|
|
|
|
error_reporting(E_ALL);
|
2026-01-19 08:57:58 +03:00
|
|
|
|
ini_set('display_errors', 0);
|
|
|
|
|
|
ini_set('display_startup_errors', 0);
|
2026-01-19 08:35:00 +03:00
|
|
|
|
header('Content-Type: application/json; charset=utf-8');
|
|
|
|
|
|
require_once '../config/db.php';
|
2026-01-19 08:57:58 +03:00
|
|
|
|
require_once '../config/session.php';
|
2026-01-19 08:35:00 +03:00
|
|
|
|
|
2026-01-19 08:57:58 +03:00
|
|
|
|
if ($_SERVER['REQUEST_METHOD'] !== 'POST') {
|
|
|
|
|
|
http_response_code(405);
|
|
|
|
|
|
echo json_encode(['success' => false, 'message' => 'Метод не поддерживается']);
|
|
|
|
|
|
exit;
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
$data = json_decode(file_get_contents('php://input'), true);
|
|
|
|
|
|
if (!is_array($data)) {
|
|
|
|
|
|
http_response_code(400);
|
|
|
|
|
|
echo json_encode(['success' => false, 'message' => 'Некорректные данные']);
|
|
|
|
|
|
exit;
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
$login = trim($data['username'] ?? '');
|
|
|
|
|
|
$password = $data['password'] ?? '';
|
2026-01-19 16:31:13 +03:00
|
|
|
|
$siteAlias = strtolower(trim($data['site_alias'] ?? ''));
|
2026-01-19 15:27:18 +03:00
|
|
|
|
|
|
|
|
|
|
if ($siteAlias === '') {
|
|
|
|
|
|
http_response_code(400);
|
|
|
|
|
|
echo json_encode(['success' => false, 'message' => 'Не указан сайт']);
|
|
|
|
|
|
exit;
|
|
|
|
|
|
}
|
2026-01-19 08:57:58 +03:00
|
|
|
|
|
|
|
|
|
|
// Поиск пользователя по username
|
2026-01-19 15:27:18 +03:00
|
|
|
|
$stmt = $pdo->prepare("SELECT id, username, password_hash, ok5, o7, o10m, o10a, webp FROM users WHERE username = ?");
|
2026-01-19 08:57:58 +03:00
|
|
|
|
$stmt->execute([$login]);
|
|
|
|
|
|
$user = $stmt->fetch(PDO::FETCH_ASSOC);
|
|
|
|
|
|
|
|
|
|
|
|
if ($user && password_verify($password, $user['password_hash'])) {
|
2026-01-19 15:27:18 +03:00
|
|
|
|
$allowedAliases = ['ok5', 'o7', 'o10m', 'o10a', 'webp'];
|
|
|
|
|
|
if (!in_array($siteAlias, $allowedAliases, true)) {
|
|
|
|
|
|
echo json_encode(['success' => false, 'message' => 'Неизвестный сайт']);
|
|
|
|
|
|
exit;
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
if ((int)$user[$siteAlias] !== 1) {
|
|
|
|
|
|
echo json_encode(['success' => false, 'message' => 'Нет доступа к сайту']);
|
|
|
|
|
|
exit;
|
|
|
|
|
|
}
|
|
|
|
|
|
|
2026-01-19 08:57:58 +03:00
|
|
|
|
// Успешная авторизация
|
|
|
|
|
|
session_regenerate_id(true);
|
|
|
|
|
|
$_SESSION['user_id'] = $user['id'];
|
|
|
|
|
|
$_SESSION['username'] = $user['username'];
|
|
|
|
|
|
|
|
|
|
|
|
echo json_encode([
|
|
|
|
|
|
'success' => true,
|
|
|
|
|
|
'message' => 'Вход выполнен успешно',
|
|
|
|
|
|
'user' => [
|
|
|
|
|
|
'id' => $user['id'],
|
|
|
|
|
|
'username' => $user['username'],
|
|
|
|
|
|
]
|
|
|
|
|
|
]);
|
|
|
|
|
|
} else {
|
|
|
|
|
|
echo json_encode(['success' => false, 'message' => 'Неверные учетные данные']);
|
2026-01-19 08:35:00 +03:00
|
|
|
|
}
|
|
|
|
|
|
?>
|
