1 <?php
2
3
/**
 * Collect the login form fields from the current request.
 *
 * Every value is pulled out of the request with _REQUEST_cut() and then
 * normalised by the project's format_* helpers (the username and password
 * are trimmed first). Nothing is validated here; callers decide what an
 * empty field means.
 *
 * @return array with keys 'after_login_url', 'username' and 'password'
 */
function login_get_fields() {
	$after_login_url = format_oneline(_REQUEST_cut('after_login_url'));
	$username = format_auth_username(trim(_REQUEST_cut('username')));
	$password = format_oneline(trim(_REQUEST_cut('password')));

	return array(
		'after_login_url' => $after_login_url,
		'username' => $username,
		'password' => $password,
	);
}
13
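# Load the password_hash()/password_verify() polyfill on PHP builds that lack
# the native functions (needed before any password_* call below).
function login_require_password_funcs() {
	if (!function_exists('password_hash')) {
		require_once(DOCROOT . 'inc/password_funcs_backported.php');
	}
}

# Check a submitted $password against the stored $stored_hash.
#
# Two formats are accepted: legacy "sha1:<hex>" rows (unsalted sha1, kept only
# so existing accounts can log in once and be upgraded) and password_hash()
# output. Returns array($good, $needs_rehash): $good is true on a match,
# $needs_rehash is true when the row should be re-stored with a fresh
# password_hash() (always for sha1 rows, otherwise per password_needs_rehash()).
function login_check_password($password, $stored_hash) {
	if (substr($stored_hash, 0, 5) === 'sha1:') {
		if (sha1($password) === substr($stored_hash, 5)) {
			return array(true, true);
		}
		return array(false, false);
	}
	login_require_password_funcs();
	if (!password_verify($password, $stored_hash)) {
		return array(false, false);
	}
	return array(true, password_needs_rehash($stored_hash, PASSWORD_DEFAULT));
}

# Decide where to send the user after a successful login.
#
# An empty $url falls back to the landing page for the user's $role. A $url
# that could leave the site (contains a scheme ":" or is scheme-relative like
# "//host" or "/\host") is forced site-relative by prefixing "./", so the
# after_login_url request parameter can't be used as an open redirect.
# Anything else is returned as given.
function login_after_login_url($url, $role) {
	if ($url === null || $url === '') {
		return $role === 'admin' ? './admin' : './';
	}
	if (strpos($url, ':') !== false || preg_match('@^[/\\\\]{2}@', $url)) {
		return "./$url";
	}
	return $url;
}

/**
 * Handle the login form.
 *
 * Reads the submitted fields via login_get_fields(). When both username and
 * password are present, looks the user up, verifies the password (upgrading
 * legacy/outdated hashes in place), starts a fresh session, records the login
 * time and returns the URL the caller should redirect to. On a failed attempt
 * a generic failure message is queued; in every non-redirect case the form is
 * re-rendered with the password field cleared.
 *
 * @return string|null redirect target after a successful login, otherwise null
 */
function login_main() {
	$data = login_get_fields();
	if (strlen($data['username']) && strlen($data['password'])) {
		# the username is handed to the db layer as a bound value (%") rather
		# than interpolated into the query text
		$row = db_get_assoc('users', 'id,name,role,password', 'where username=%"', $data['username']);
		# NOTE(review): an unknown username skips the hash check entirely, so
		# response time differs between "no such user" and "wrong password";
		# verifying against a dummy hash in that branch would equalise it.
		if ($row && strlen($row['password'])) {
			list($password_good, $needs_rehash) = login_check_password($data['password'], $row['password']);
			if ($password_good) {
				if ($needs_rehash) {
					login_require_password_funcs();
					$hash = password_hash($data['password'], PASSWORD_DEFAULT);
					db_update('users', 'password', $hash, 'where id=%i', $row['id']);
				}

				# fresh session id on privilege change (defeats session fixation)
				session_new();
				session_set('auth_id', $row['id']);
				# we're about to http redirect, so no need to update session_auth now
				db_update('users', 'last_login', time(), 'where id=%i', $row['id']);
				message("You are now logged in.");

				# redirect to the page they were trying to access:
				return login_after_login_url($data['after_login_url'], $row['role']);
			}
		}
		# same message whether the user or the password was wrong
		message("Incorrect username and/or password");
	}
	$data['password'] = '';
	tem_set('form', $data);
}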