silence more warnings
[wfpl-cms.git] / login.php
index 4ec1344..802b95e 100644 (file)
--- a/login.php
+++ b/login.php
@@ -2,66 +2,69 @@
 
 
 function login_get_fields() {
-       $data = array();
+    $data = array();
 
-       $data['after_login_url'] = format_oneline(_REQUEST_cut('after_login_url'));
-       $data['username'] = format_oneline(trim(_REQUEST_cut('username')));
-       $data['password'] = format_oneline(trim(_REQUEST_cut('password')));
+    $data['after_login_url'] = format_oneline(_REQUEST_cut('after_login_url'));
+    $data['username'] = format_auth_username(trim(_REQUEST_cut('username')));
+    $data['password'] = format_oneline(trim(_REQUEST_cut('password')));
 
-       return $data;
+    return $data;
 }
 
 function login_main() {
-       $data = login_get_fields();
-       if (strlen($data['username']) && strlen($data['password'])) {
-               $row = db_get_assoc('users', 'id,name,role,password', 'where username=%"', format_auth_username($data['username']));
-               if ($row) # &&
-               if (strlen($row['password'])) {
-                       $needs_rehash = false;
-                       $password_good = false;
-                       if (substr($row['password'], 0, 5) === 'sha1:') {
-                               if (sha1($data['password']) === substr($row['password'], 5)) {
-                                       $password_good = true;
-                                       $needs_rehash = true;
-                               }
-                       } else {
-                               if (!function_exists('password_hash')) {
-                                       require_once(DOCROOT . 'inc/password_funcs_backported.php');
-                               }
-                               if (password_verify($data['password'], $row['password'])) {
-                                       $password_good = true;
-                                       if (password_needs_rehash($row['password'], PASSWORD_DEFAULT)) {
-                                               $needs_rehash = true;
-                                       }
-                               }
-                       }
-                       if ($password_good) {
-                               if ($needs_rehash) {
-                                       $hash = password_hash($data['password'], PASSWORD_DEFAULT);
-                                       db_update('users', 'password', $hash, 'where id=%i', $row['id']);
-                               }
+    $data = login_get_fields();
+    if (strlen($data['username']) && strlen($data['password'])) {
+        $row = db_get_assoc('users', 'id,name,role,password', 'where username=%"', $data['username']);
+        if ($row) # &&
+        if (strlen($row['password'])) {
+            $needs_rehash = false;
+            $password_good = false;
+            if (substr($row['password'], 0, 5) === 'sha1:') {
+                if (sha1($data['password']) === substr($row['password'], 5)) {
+                    $password_good = true;
+                    $needs_rehash = true;
+                }
+            } else {
+                if (!function_exists('password_hash')) {
+                    require_once(__DIR__.'/'.'inc/password_funcs_backported.php');
+                }
+                if (password_verify($data['password'], $row['password'])) {
+                    $password_good = true;
+                    if (password_needs_rehash($row['password'], PASSWORD_DEFAULT)) {
+                        $needs_rehash = true;
+                    }
+                }
+            }
+            if ($password_good) {
+                if ($needs_rehash) {
+                    if (!function_exists('password_hash')) {
+                        require_once(__DIR__.'/'.'inc/password_funcs_backported.php');
+                    }
+                    $hash = password_hash($data['password'], PASSWORD_DEFAULT);
+                    db_update('users', 'password', $hash, 'where id=%i', $row['id']);
+                }
 
-                               session_new();
-                               session_set('auth_id', $row['id']);
-                               # we're about to http redirect, so no need to update session_auth now
-                               db_update('users', 'last_login', time(), 'where id=%i', $row['id']);
-                               message("You are now logged in.");
-                               if(!$data['after_login_url']) {
-                                       if ($row['role'] == 'admin') {
-                                               $data['after_login_url'] = './admin';
-                                       } else {
-                                               $data['after_login_url'] = './';
-                                       }
-                               } elseif(strpos(':', $data['after_login_url']) !== false) {
-                                       $data['after_login_url'] = "./$data[url]";
-                               }
+                session_new();
+                session_set('auth_id', $row['id']);
+                # we're about to http redirect, so no need to update session_auth now
+                db_update('users', 'last_login', time(), 'where id=%i', $row['id']);
+                message("You are now logged in.");
+                if(!$data['after_login_url']) {
+                    if ($row['role'] == 'admin') {
+                        $data['after_login_url'] = './admin';
+                    } else {
+                        $data['after_login_url'] = './';
+                    }
+                } elseif(strpos(':', $data['after_login_url']) !== false) {
+                    $data['after_login_url'] = "./$data[url]";
+                }
 
-                               # redirect to the page they were trying to access:
-                               return $data['after_login_url'];
-                       }
-               }
-               message("Incorrect username and/or password");
-       }
-       $data['password'] = '';
-       tem_set('form', $data);
+                # redirect to the page they were trying to access:
+                return $data['after_login_url'];
+            }
+        }
+        message("Incorrect username and/or password");
+    }
+    $data['password'] = '';
+    tem_set('form', $data);
 }
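Review bot: The `elseif` guard on `after_login_url` near the end of login_main() can never reject an absolute URL, because `strpos(':', $data['after_login_url'])` has haystack and needle swapped, and its fallback interpolates `$data[url]`, a key login_get_fields() never sets. That value comes straight from the request and is returned as the post-login destination (presumably what the caller redirects to, going by the comment above the `return`), so the login form is left with an open redirect that this re-indent carries over unchanged. I would change the branch to `} elseif (strpos($data['after_login_url'], ':') !== false) {` with `$data['after_login_url'] = './';` as the fallback. Scheme-relative values beginning with `//` contain no colon, so the check should reject those as well, or better, accept only paths that match a known local prefix.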