admin_login.php

   1 <?php
   2
   3 # This form requires wfpl. See: http://jasonwoof.org/wfpl
   4
   5 function admin_login_get_fields() {
   6         $data = array();
   7
   8         $data['url'] = format_oneline($_REQUEST['url']);
   9         $data['username'] = format_oneline($_REQUEST['username']);
  10         $data['password'] = format_oneline($_REQUEST['password']);
  11
  12         return $data;
  13 }
  14
  15
  16 function admin_login_main() {
  17         # Always accept "url" parameter, so might as well just:
  18         $data = admin_login_get_fields();
  19
  20         if(strlen($data['username'])) {
  21                 if($data['username'] == CMS_ADMIN_USER &&
  22                    sha1($data['password']) == CMS_ADMIN_PASS) {
  23                         session_new();
  24                         session_set('auth_username', $username);
  25                         session_set('auth_admin', 'yes');
  26                         require_once('code/wfpl/http.php');
  27                         if(!$data['url']) {
  28                                 $data['url'] = './admin';
  29                         } elseif(strpos(':', $data['url']) !== false) {
  30                                 $data['url'] = "./$data[url]";
  31                         }
  32
  33                         # redirect to the page they were trying to access:
  34                         return $data['url'];
  35                 } else {
  36                         message('Incorrect username and/or password.');
  37                 }
  38         }
  39
  40         # Don't put (even failed) password back into the form
  41         $data['password'] = '';
  42
  43         # display the form [again]
  44         tem_set('form', $data);
  45 }