3 # This form requires wfpl. See: http://sametwice.com/wfpl
# Collect the login form fields (url, username, password) from the request.
# NOTE(review): this listing skips source lines (gutter 6-7 and 11-15), so the
# initialisation of $data and the return statement are not visible here.
# admin_login_main() assigns this function's result to $data, so it presumably
# returns the array -- confirm against the full file.
5 function admin_login_get_fields() {
# 'url' is the caller-supplied post-login destination and must be treated as
# untrusted. What format_oneline() filters is not shown here -- confirm.
8 $data['url'] = format_oneline($_REQUEST['url']);
9 $data['username'] = format_oneline($_REQUEST['username']);
# NOTE(review): $_REQUEST can be filled from the query string as well as the
# POST body, so a password submitted via GET would land in URLs, browser
# history and access logs. Reading credentials from $_POST only avoids that.
# NOTE(review): unsalted SHA-1 is a fast hash and unsuitable for stored
# passwords. password_hash()/password_verify() is the PHP replacement, but
# switching requires the lookup in admin_login_main() to fetch the row by
# username and verify afterwards, instead of matching the hash in SQL.
10 $data['password'] = sha1(format_oneline($_REQUEST['password']));
# Handle the admin login form: look the submitted credentials up in the
# 'admins' table, record the authenticated user and privilege in the session,
# pick the post-login URL, and otherwise show the form again.
# NOTE(review): this listing skips source lines (see the gaps in the gutter
# numbers). The test on $row, the redirect call and the closing braces are not
# visible, so the branch structure described below is partly inferred.
16 function admin_login_main() {
17 # Always accept "url" parameter, so might as well just:
18 $data = admin_login_get_fields();
# Only attempt a login when a username was submitted.
20 if(strlen($data['username'])) {
# Fetch 'privs' for a row whose username and SHA-1 password hash both match.
# NOTE(review): %" looks like wfpl's quoted-string placeholder, which would
# make this an escaped/parameterised query -- confirm in db_get_assoc().
# NOTE(review): no attempt throttling or lockout is visible in this listing.
21 $row = db_get_assoc('admins', 'privs', 'where username=%" && password=%"', $data['username'], $data['password']);
# NOTE(review): no session-id regeneration is visible before these writes. If
# session_set() does not rotate the id on login, a pre-set session id stays
# valid after authentication (session fixation) -- confirm against wfpl.
24 session_set('auth_username', $data['username']);
# The session key is built from the database value of 'privs', so the set of
# possible auth_* flags is whatever values that column holds.
25 session_set('auth_' . $row['privs'], 'yes');
27 if ($row['privs'] == 'admin') {
28 $data['url'] = './admin';
# NOTE(review): strpos() takes (haystack, needle). As written this searches the
# one-character string ':' for the URL, not the URL for ':', so a 'url' value
# carrying a scheme is not caught and the "./" prefix below is not applied.
# This is the guard against redirecting to an external site, and it presumably
# should read strpos($data['url'], ':'). A colon test alone also misses
# scheme-relative forms; accepting only known local paths is more robust.
32 } elseif(strpos(':', $data['url']) !== false) {
# Prefix with "./" so the value is resolved relative to this site.
33 $data['url'] = "./$data[url]";
36 # redirect to the page they were trying to access:
# One message for both failure causes, so the response does not reveal which
# of the username or password was wrong.
39 message('Incorrect username and/or password.');
43 # make sure the hashed password doesn't make it back to the front end
44 $data['password'] = '';
46 # display the form [again]
47 tem_set('form', $data);