X-Git-Url: https://jasonwoof.com/gitweb/?p=wfpl-cms.git;a=blobdiff_plain;f=login.php;h=802b95eddfcfa438bd6066cba5abeadc99b3f57b;hp=e63233479aff4a0b5c3e5b2ecd26a15b8b7d871b;hb=HEAD;hpb=b568a0fee40cca8d56b7a6b7d95a919451becc77
diff --git a/login.php b/login.php
index e632334..802b95e 100644
--- a/login.php
+++ b/login.php
@@ -2,66 +2,69 @@ function login_get_fields() {
- $data = array();
+ $data = array();
- $data['after_login_url'] = format_oneline(_REQUEST_cut('after_login_url'));
- $data['username'] = format_auth_username(trim(_REQUEST_cut('username')));
- $data['password'] = format_oneline(trim(_REQUEST_cut('password')));
+ $data['after_login_url'] = format_oneline(_REQUEST_cut('after_login_url'));
+ $data['username'] = format_auth_username(trim(_REQUEST_cut('username')));
+ $data['password'] = format_oneline(trim(_REQUEST_cut('password')));
- return $data;
+ return $data;
 }
 function login_main() {
- $data = login_get_fields();
- if (strlen($data['username']) && strlen($data['password'])) {
- $row = db_get_assoc('users', 'id,name,role,password', 'where username=%"', $data['username']);
- if ($row) # &&
- if (strlen($row['password'])) {
- $needs_rehash = false;
- $password_good = false;
- if (substr($row['password'], 0, 5) === 'sha1:') {
- if (sha1($data['password']) === substr($row['password'], 5)) {
- $password_good = true;
- $needs_rehash = true;
- }
- } else {
- if (!function_exists('password_hash')) {
- require_once(DOCROOT . 'inc/password_funcs_backported.php');
- }
- if (password_verify($data['password'], $row['password'])) {
- $password_good = true;
- if (password_needs_rehash($row['password'], PASSWORD_DEFAULT)) {
- $needs_rehash = true;
- }
- }
- }
- if ($password_good) {
- if ($needs_rehash) {
- $hash = password_hash($data['password'], PASSWORD_DEFAULT);
- db_update('users', 'password', $hash, 'where id=%i', $row['id']);
- }
+ $data = login_get_fields();
+ if (strlen($data['username']) && strlen($data['password'])) {
+ $row = db_get_assoc('users', 'id,name,role,password', 'where username=%"', $data['username']);
+ if ($row) # &&
+ if (strlen($row['password'])) {
+ $needs_rehash = false;
+ $password_good = false;
+ if (substr($row['password'], 0, 5) === 'sha1:') {
+ if (sha1($data['password']) === substr($row['password'], 5)) {
+ $password_good = true;
+ $needs_rehash = true;
+ }
+ } else {
+ if (!function_exists('password_hash')) {
+ require_once(__DIR__.'/'.'inc/password_funcs_backported.php');
+ }
+ if (password_verify($data['password'], $row['password'])) {
+ $password_good = true;
+ if (password_needs_rehash($row['password'], PASSWORD_DEFAULT)) {
+ $needs_rehash = true;
+ }
+ }
+ }
+ if ($password_good) {
+ if ($needs_rehash) {
+ if (!function_exists('password_hash')) {
+ require_once(__DIR__.'/'.'inc/password_funcs_backported.php');
+ }
+ $hash = password_hash($data['password'], PASSWORD_DEFAULT);
+ db_update('users', 'password', $hash, 'where id=%i', $row['id']);
+ }
- session_new();
- session_set('auth_id', $row['id']);
- # we're about to http redirect, so no need to update session_auth now
- db_update('users', 'last_login', time(), 'where id=%i', $row['id']);
- message("You are now logged in.");
- if(!$data['after_login_url']) {
- if ($row['role'] == 'admin') {
- $data['after_login_url'] = './admin';
- } else {
- $data['after_login_url'] = './';
- }
- } elseif(strpos(':', $data['after_login_url']) !== false) {
- $data['after_login_url'] = "./$data[url]";
- }
+ session_new();
+ session_set('auth_id', $row['id']);
+ # we're about to http redirect, so no need to update session_auth now
+ db_update('users', 'last_login', time(), 'where id=%i', $row['id']);
+ message("You are now logged in.");
+ if(!$data['after_login_url']) {
+ if ($row['role'] == 'admin') {
+ $data['after_login_url'] = './admin';
+ } else {
+ $data['after_login_url'] = './';
+ }
+ } elseif(strpos(':', $data['after_login_url']) !== false) {
+ $data['after_login_url'] = "./$data[url]";
+ }
- # redirect to the page they were trying to access:
- return $data['after_login_url'];
- }
- }
- message("Incorrect username and/or password");
- }
- $data['password'] = '';
- tem_set('form', $data);
+ # redirect to the page they were trying to access:
+ return $data['after_login_url'];
+ }
+ }
+ message("Incorrect username and/or password");
+ }
+ $data['password'] = '';
+ tem_set('form', $data);
 }
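Review bot: The redirect-target check near the end of login_main() has its strpos() arguments swapped: `strpos(':', $data['after_login_url'])` searches the one-character string ':' for the URL, so a request-supplied `after_login_url` that carries a scheme is never caught and is returned as the post-login target (an open redirect, assuming the caller redirects to the returned value as the comment says). The fallback also interpolates `$data[url]`, a key login_get_fields() never sets. I would change the two lines to `} elseif (strpos($data['after_login_url'], ':') !== false || substr($data['after_login_url'], 0, 2) === '//') {` and `$data['after_login_url'] = './';`, which also rejects protocol-relative targets. Separately, the legacy branch compares `sha1($data['password'])` with `===`; `hash_equals()` would make that comparison constant-time where the PHP version provides it.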