4 function login_get_fields() {
7 $data['after_login_url'] = format_oneline(_REQUEST_cut('after_login_url'));
8 $data['username'] = format_oneline(trim(_REQUEST_cut('username')));
9 $data['password'] = format_oneline(trim(_REQUEST_cut('password')));
14 function login_main() {
15 $data = login_get_fields();
16 if (strlen($data['username']) && strlen($data['password'])) {
17 $row = db_get_assoc('users', 'id,name,role,password', 'where username=%"', format_auth_username($data['username']));
19 if (strlen($row['password'])) {
20 $needs_rehash = false;
21 $password_good = false;
22 if (substr($row['password'], 0, 5) === 'sha1:') {
23 if (sha1($data['password']) === substr($row['password'], 5)) {
24 $password_good = true;
28 if (!function_exists('password_hash')) {
29 require_once(DOCROOT . 'inc/password_funcs_backported.php');
31 if (password_verify($data['password'], $row['password'])) {
32 $password_good = true;
33 if (password_needs_rehash($row['password'], PASSWORD_DEFAULT)) {
40 $hash = password_hash($data['password'], PASSWORD_DEFAULT);
41 db_update('users', 'password', $hash, 'where id=%i', $row['id']);
45 session_set('auth_id', $row['id']);
46 # we're about to http redirect, so no need to update session_auth now
47 db_update('users', 'last_login', time(), 'where id=%i', $row['id']);
48 message("You are now logged in.");
49 if(!$data['after_login_url']) {
50 if ($row['role'] == 'admin') {
51 $data['after_login_url'] = './admin';
53 $data['after_login_url'] = './';
55 } elseif(strpos(':', $data['after_login_url']) !== false) {
56 $data['after_login_url'] = "./$data[url]";
59 # redirect to the page they were trying to access:
60 return $data['after_login_url'];
63 message("Incorrect username and/or password");
65 $data['password'] = '';
66 tem_set('form', $data);
Got questions, comments, patches, etc.? Contact Jason Woofenden