+++ /dev/null
-<?php
-
-# This form requires wfpl. See: http://sametwice.com/wfpl
-
-function admin_login_get_fields() {
- $data = array();
-
- $data['url'] = format_oneline($_REQUEST['url']);
- $data['username'] = format_oneline($_REQUEST['username']);
- $data['password'] = sha1(format_oneline($_REQUEST['password']));
-
- return $data;
-}
-
-
-function admin_login_main() {
- # Always accept "url" parameter, so might as well just:
- $data = admin_login_get_fields();
-
- if(strlen($data['username'])) {
- $row = db_get_assoc('admins', 'privs', 'where username=%" && password=%"', $data['username'], $data['password']);
- if($row) {
- session_new();
- session_set('auth_username', $data['username']);
- session_set('auth_' . $row['privs'], 'yes');
- if(!$data['url']) {
- if ($row['privs'] == 'admin') {
- $data['url'] = './admin';
- } else {
- $data['url'] = './';
- }
- } elseif(strpos(':', $data['url']) !== false) {
- $data['url'] = "./$data[url]";
- }
-
- # redirect to the page they were trying to access:
- return $data['url'];
- } else {
- message('Incorrect username and/or password.');
- }
- }
-
- # make sure the hashed password doesn't make it back to the front end
- $data['password'] = '';
-
- # display the form [again]
- tem_set('form', $data);
-}