+
+function logged_in() {
+ return session_exists_and_authed();
+}
+
+# 1st arg: the correct encrypted password
+# 2nd arg: clear-text password entered by someone
+function check_password($encrypted, $pass) {
+ if(strpos($encrypted, ':') !== 32) {
+ die("password field corrupted");
+ }
+
+ list($md5, $salt) = explode(':', $encrypted);
+
+ if(md5($salt . $pass) == $md5) {
+ return true;
+ }
+
+ return false;
+}
+
+function encrypt_password($plain) {
+ $password = '';
+
+ $salt = substr(md5(rand() . "f"), 0, 2); # FIXME make this more effecient and clear
+
+ $password = md5($salt . $plain) . ':' . $salt;
+
+ return $password;
+}