login.php

   1 <?php
   2
   3 #  Copyright (C) 2008  Jason Woofenden
   4 #
   5 #  This program is free software: you can redistribute it and/or modify
   6 #  it under the terms of the GNU Affero General Public License as published by
   7 #  the Free Software Foundation, either version 3 of the License, or
   8 #  (at your option) any later version.
   9 #
  10 #  This program is distributed in the hope that it will be useful,
  11 #  but WITHOUT ANY WARRANTY; without even the implied warranty of
  12 #  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  13 #  GNU Affero General Public License for more details.
  14 #
  15 #  You should have received a copy of the GNU Affero General Public License
  16 #  along with this program.  If not, see <http://www.gnu.org/licenses/>.
  17
  18 function login_get_fields() {
  19         $username = format_oneline($_REQUEST['username']);
  20         tem_set('username', $username);
  21
  22         $password = format_oneline($_REQUEST['password']);
  23
  24         $url = format_unix($_REQUEST['url']);
  25         tem_set('url', $url);
  26
  27         return array($username, $password, $url);
  28 }
  29
  30 function login_main() {
  31         if(isset($GLOBALS['url'])) {
  32                 $_REQUEST['url'] = $GLOBALS['url'];
  33                 tem_set('url', $GLOBALS['url']);
  34         }
  35
  36         if(isset($_REQUEST['username'])) {
  37                 list($username, $password, $url) = login_get_fields();
  38
  39                 $row = db_get_row('people', 'id,password', 'where username=%"', $username);
  40
  41                 if($row) {
  42                         list($id, $password_hash) = $row;
  43
  44                         if($password_hash && check_password($password_hash, $password)) {
  45                                 message("Logged in successfully.");
  46                                 session_new();
  47                                 session_set('auth_username', "$id");
  48                                 if($id == '1') {
  49                                         session_set('auth_admin', 'yes');
  50                                 }
  51                                 if($url) {
  52                                         return $url;
  53                                 } else {
  54                                         return './';
  55                                 }
  56                         }
  57                 }
  58
  59                 tem_set('failed');
  60         }
  61 }
  62
  63 ?>