<?php
+# Copyright (C) 2008 Jason Woofenden
+#
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU Affero General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU Affero General Public License for more details.
+#
+# You should have received a copy of the GNU Affero General Public License
+# along with this program. If not, see <http://www.gnu.org/licenses/>.
+
function login_get_fields() {
$username = format_oneline($_REQUEST['username']);
tem_set('username', $username);
if(isset($_REQUEST['username'])) {
list($username, $password, $url) = login_get_fields();
- if($username == 'test' && $password == 'test') {
- message("Logged in successfully.");
- session_new();
- session_set('auth_username', "admin:$id");
- if($url) {
- return $url;
- } else {
- return './';
+ $row = db_get_row('people', 'id,password', 'where username=%"', $username);
+
+ if($row) {
+ list($id, $password_hash) = $row;
+
+ if($password_hash && check_password($password_hash, $password)) {
+ message("Logged in successfully.");
+ session_new();
+ session_set('auth_username', "$id");
+ if($url) {
+ return $url;
+ } else {
+ return './';
+ }
}
}