3 # This form requires wfpl. See: http://jasonwoof.org/wfpl
5 function admin_login_get_fields() {
8 $data['url'] = format_oneline($_REQUEST['url']);
9 $data['username'] = format_oneline($_REQUEST['username']);
10 $data['password'] = sha1(format_oneline($_REQUEST['password']));
16 function admin_login_main() {
17 # Always accept "url" parameter, so might as well just:
18 $data = admin_login_get_fields();
20 if(strlen($data['username'])) {
21 $row = db_get_assoc('admins', 'privs', 'where username=%" && password=%"', $data['username'], $data['password']);
24 session_set('auth_username', $data['username']);
25 switch($row['privs']) {
27 session_set('auth_admin', 'yes');
29 $data['url'] = 'admin';
35 } elseif(strpos(':', $data['url']) !== false) {
36 $data['url'] = "./$data[url]";
39 # redirect to the page they were trying to access:
42 message('Incorrect username and/or password.');
46 # make sure the hashed password doesn't make it back to the front end
47 $data['password'] = '';
49 # display the form [again]
50 tem_set('form', $data);