X-Git-Url: https://jasonwoof.com/gitweb/?p=contractor-progress.git;a=blobdiff_plain;f=login.php;h=f0eb6dd32d5a720a3bd7fb15f5c1863cd09ce858;hp=0d77fa27968371af888e0abdf1ea928e575f3264;hb=ee6685eef368fdd21c4916b32a0ad26880146cce;hpb=5cc6274a058be9a9cf9d7d3e1d169870cad90353

diff --git a/login.php b/login.php
index 0d77fa2..f0eb6dd 100644
--- a/login.php
+++ b/login.php
@@ -1,5 +1,20 @@
 <?php
 
+#  Copyright (C) 2008  Jason Woofenden
+#
+#  This program is free software: you can redistribute it and/or modify
+#  it under the terms of the GNU Affero General Public License as published by
+#  the Free Software Foundation, either version 3 of the License, or
+#  (at your option) any later version.
+#
+#  This program is distributed in the hope that it will be useful,
+#  but WITHOUT ANY WARRANTY; without even the implied warranty of
+#  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+#  GNU Affero General Public License for more details.
+#
+#  You should have received a copy of the GNU Affero General Public License
+#  along with this program.  If not, see <http://www.gnu.org/licenses/>.
+
 function login_get_fields() {
 	$username = format_oneline($_REQUEST['username']);
 	tem_set('username', $username);
@@ -21,14 +36,20 @@ function login_main() {
 	if(isset($_REQUEST['username'])) {
 		list($username, $password, $url) = login_get_fields();
 
-		if($username == 'test' && $password == 'test') {
-			message("Logged in successfully.");
-			session_new();
-			session_set('auth_username', "admin:$id");
-			if($url) {
-				return $url;
-			} else {
-				return './';
+		$row = db_get_row('people', 'id,password', 'where username=%"', $username);
+
+		if($row) {
+			list($id, $password_hash) = $row;
+
+			if($password_hash && check_password($password_hash, $password)) {
+				message("Logged in successfully.");
+				session_new();
+				session_set('auth_username', "$id");
+				if($url) {
+					return $url;
+				} else {
+					return './';
+				}
 			}
 		}