# Reads the three login form fields from the request into $data.
# NOTE(review): this listing is elided (the gutter numbers skip from 4 to 7 and
# stop at 9), so the initialisation and return of $data are not visible here.
4 function login_get_fields() {
# Request-supplied; login_main() later returns this value as the redirect target,
# so it must be treated as untrusted there.
7 $data['after_login_url'] = format_oneline(_REQUEST_cut('after_login_url'));
8 $data['username'] = format_auth_username(trim(_REQUEST_cut('username')));
# NOTE(review): the password is altered by trim() and format_oneline() before it
# is verified. Presumably the same normalisation is applied wherever passwords
# are set; confirm, otherwise a password with surrounding whitespace can never match.
9 $data['password'] = format_oneline(trim(_REQUEST_cut('password')));
# Handles a login attempt: reads the submitted fields, looks the user up by
# username, checks the submitted password against the stored hash, and on
# success stores auth_id in the session, updates last_login and returns the URL
# to redirect to. Otherwise it calls message() with a failure text, blanks the
# password and hands $data to the 'form' template variable.
# NOTE(review): this listing is elided (the gutter numbers skip), so closing
# braces, else branches and some assignments are not shown. The notes below are
# limited to what the visible lines establish.
14 function login_main() {
15 $data = login_get_fields();
16 if (strlen($data['username']) && strlen($data['password'])) {
# The username is passed as a separate argument, not concatenated into the clause.
# NOTE(review): %" is presumably the db helper's quoted-string placeholder; confirm it escapes.
17 $row = db_get_assoc('users', 'id,name,role,password', 'where username=%"', $data['username']);
# NOTE(review): when no stored hash is found, no hash is computed at all, so
# response time may differ between known and unknown usernames.
19 if (strlen($row['password'])) {
20 $needs_rehash = false;
21 $password_good = false;
# Legacy format: stored value is 'sha1:' followed by a plain SHA-1 of the password (no salt visible).
22 if (substr($row['password'], 0, 5) === 'sha1:') {
# NOTE(review): === on digests is not a constant-time comparison; hash_equals() is
# the usual choice. The rehash further down presumably migrates these rows to
# password_hash(); the line that sets $needs_rehash in this branch is not visible here.
23 if (sha1($data['password']) === substr($row['password'], 5)) {
24 $password_good = true;
# Load the backported password_* functions when the native password API is absent.
28 if (!function_exists('password_hash')) {
29 require_once(DOCROOT . 'inc/password_funcs_backported.php');
31 if (password_verify($data['password'], $row['password'])) {
32 $password_good = true;
# Checks whether the stored hash was made with parameters other than the current default.
33 if (password_needs_rehash($row['password'], PASSWORD_DEFAULT)) {
40 if (!function_exists('password_hash')) {
41 require_once(DOCROOT . 'inc/password_funcs_backported.php');
# Re-hash the just-verified plaintext with the current default algorithm and store it.
43 $hash = password_hash($data['password'], PASSWORD_DEFAULT);
44 db_update('users', 'password', $hash, 'where id=%i', $row['id']);
# NOTE(review): no session-id regeneration is visible on this path. If session_set()
# does not rotate the id itself, a pre-login session id stays valid after
# authentication (session fixation); confirm.
48 session_set('auth_id', $row['id']);
49 # we're about to http redirect, so no need to update session_auth now
50 db_update('users', 'last_login', time(), 'where id=%i', $row['id']);
51 message("You are now logged in.");
# No target was requested: pick a default by role.
52 if(!$data['after_login_url']) {
53 if ($row['role'] == 'admin') {
54 $data['after_login_url'] = './admin';
56 $data['after_login_url'] = './';
# NOTE(review): strpos() takes (haystack, needle). As written this searches the
# one-character string ':' for the whole URL, so the branch only fires when the
# URL is exactly ':'. A request-supplied absolute URL therefore reaches the
# return below unchanged (open redirect). The arguments should be swapped; a
# colon test alone also lets scheme-relative targets (leading '//') through, so
# an allow-list of local paths is the safer check.
58 } elseif(strpos(':', $data['after_login_url']) !== false) {
# NOTE(review): no visible line sets $data['url']; presumably 'after_login_url'
# was intended. Confirm. Prefixing './' to a value that contains a scheme would
# still need the value validated first.
59 $data['after_login_url'] = "./$data[url]";
62 # redirect to the page they were trying to access:
63 return $data['after_login_url'];
# The wording does not disclose whether the username or the password was wrong.
66 message("Incorrect username and/or password");
# Blank the password so it is not handed to the template with the other form values.
68 $data['password'] = '';
69 tem_set('form', $data);