JasonWoof Got questions, comments, patches, etc.? Contact Jason Woofenden
ckeditor plugin for wfpl cms images mostly working
[wfpl-cms.git] / admin_login.php
1 <?php
2
3 # This form requires wfpl. See: http://jasonwoof.org/wfpl
4
5 function admin_login_get_fields() {
6         $data = array();
7
8         $data['url'] = format_oneline($_REQUEST['url']);
9         $data['username'] = format_oneline($_REQUEST['username']);
10         $data['password'] = sha1(format_oneline($_REQUEST['password']));
11
12         return $data;
13 }
14
15
16 function admin_login_main() {
17         # Always accept "url" parameter, so might as well just:
18         $data = admin_login_get_fields();
19
20         if(strlen($data['username'])) {
21                 $row = db_get_assoc('admins', 'privs', 'where username=%" && password=%"', $data['username'], $data['password']);
22                 if($row) {
23                         session_new();
24                         session_set('auth_username', $data['username']);
25                         switch($row['privs']) {
26                                 case 'admin':
27                                         session_set('auth_admin', 'yes');
28                                         if(!$data['url']) {
29                                                 $data['url'] = 'admin';
30                                         }
31                                 break;
32                         }
33                         if(!$data['url']) {
34                                 $data['url'] = './';
35                         } elseif(strpos(':', $data['url']) !== false) {
36                                 $data['url'] = "./$data[url]";
37                         }
38
39                         # redirect to the page they were trying to access:
40                         return $data['url'];
41                 } else {
42                         message('Incorrect username and/or password.');
43                 }
44         }
45
46         # make sure the hashed password doesn't make it back to the front end
47         $data['password'] = '';
48
49         # display the form [again]
50         tem_set('form', $data);
51 }