X-Git-Url: https://jasonwoof.com/gitweb/?p=contractor-progress.git;a=blobdiff_plain;f=login.php;h=3e88184bbd8911bf893895b1d2dd9f997df6b250;hp=0d77fa27968371af888e0abdf1ea928e575f3264;hb=HEAD;hpb=5cc6274a058be9a9cf9d7d3e1d169870cad90353

diff --git a/login.php b/login.php
index 0d77fa2..3e88184 100644
--- a/login.php
+++ b/login.php
@@ -1,5 +1,20 @@
 <?php
 
+#  Copyright (C) 2008  Jason Woofenden
+#
+#  This program is free software: you can redistribute it and/or modify
+#  it under the terms of the GNU Affero General Public License as published by
+#  the Free Software Foundation, either version 3 of the License, or
+#  (at your option) any later version.
+#
+#  This program is distributed in the hope that it will be useful,
+#  but WITHOUT ANY WARRANTY; without even the implied warranty of
+#  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+#  GNU Affero General Public License for more details.
+#
+#  You should have received a copy of the GNU Affero General Public License
+#  along with this program.  If not, see <http://www.gnu.org/licenses/>.
+
 function login_get_fields() {
 	$username = format_oneline($_REQUEST['username']);
 	tem_set('username', $username);
@@ -21,20 +36,28 @@ function login_main() {
 	if(isset($_REQUEST['username'])) {
 		list($username, $password, $url) = login_get_fields();
 
-		if($username == 'test' && $password == 'test') {
-			message("Logged in successfully.");
-			session_new();
-			session_set('auth_username', "admin:$id");
-			if($url) {
-				return $url;
-			} else {
-				return './';
+		$row = db_get_row('people', 'id,password', 'where username=%"', $username);
+
+		if($row) {
+			list($id, $password_hash) = $row;
+
+			if($password_hash && check_password($password_hash, $password)) {
+				message("Logged in successfully.");
+				session_new();
+				session_set('auth_username', "$id");
+				if($id == '1') {
+					session_set('auth_admin', 'yes');
+				}
+				if($url) {
+					return $url;
+				} else {
+					return './';
+				}
 			}
 		}
 
-		tem_sub('failed');
+		tem_set('failed');
 	}
-	tem_sub('main_body');
 }
 
 ?>