JasonWoof Got questions, comments, patches, etc.? Contact Jason Woofenden
make all require()s jumpable
[wfpl-cms.git] / admin_login.php
1 <?php
2
3 # This form requires wfpl. See: http://sametwice.com/wfpl
4
5 function admin_login_get_fields() {
6         $data = array();
7
8         $data['url'] = format_oneline($_REQUEST['url']);
9         $data['username'] = format_oneline($_REQUEST['username']);
10         $data['password'] = sha1(format_oneline($_REQUEST['password']));
11
12         return $data;
13 }
14
15
16 function admin_login_main() {
17         # Always accept "url" parameter, so might as well just:
18         $data = admin_login_get_fields();
19
20         if(strlen($data['username'])) {
21                 $row = db_get_assoc('admins', 'privs', 'where username=%" && password=%"', $data['username'], $data['password']);
22                 if($row) {
23                         session_new();
24                         session_set('auth_username', $data['username']);
25                         session_set('auth_' . $row['privs'], 'yes');
26                         if(!$data['url']) {
27                                 if ($row['privs'] == 'admin') {
28                                         $data['url'] = './admin';
29                                 } else {
30                                         $data['url'] = './';
31                                 }
32                         } elseif(strpos(':', $data['url']) !== false) {
33                                 $data['url'] = "./$data[url]";
34                         }
35
36                         # redirect to the page they were trying to access:
37                         return $data['url'];
38                 } else {
39                         message('Incorrect username and/or password.');
40                 }
41         }
42
43         # make sure the hashed password doesn't make it back to the front end
44         $data['password'] = '';
45
46         # display the form [again]
47         tem_set('form', $data);
48 }