<?php
/**
* Login Screen
*
* Handles the login process
*
* @package Multiuser
* @author Mike Clark <[email protected]>
* @version $Id: login.php,v 2.27 2010/04/04 10:34:21 andig2 Exp $
*/
require_once './core/functions.php';
/**
 * Wipe the application's session data and expire its login cookies.
 *
 * Resets $_SESSION['vdb'] to an empty array and sends expired (two hours in
 * the past) VDBuserid, VDBusername and VDBpassword cookies, scoped to the
 * directory of the running script. Called after login or logout.
 *
 * NOTE(review): the cookie path is derived from $_SERVER['PHP_SELF'], which
 * includes any extra path info appended to the request URL. A browser only
 * replaces a cookie when name and path both match, so confirm that the code
 * which sets these cookies derives its path the same way; $_SERVER['SCRIPT_NAME']
 * does not carry the request's trailing path info.
 *
 * @author Andreas Goetz <[email protected]>
 */
function clear_session()
{
    $_SESSION['vdb'] = array();

    // directory part of the script URL, with a trailing slash, used as cookie path
    $self      = $_SERVER['PHP_SELF'];
    $cookieDir = substr($self, 0, strrpos($self, '/')) . '/';

    // an expiry in the past tells the browser to delete each cookie
    foreach (array('VDBuserid', 'VDBusername', 'VDBpassword') as $cookieName)
    {
        setcookie($cookieName, '', time() - 7200, $cookieDir);
    }
}
/**
* input
*/
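// Request parameters. All three are caller-controlled; nothing in this file
// validates them beyond the checks shown below.
$username = req_string('username');
$password = req_string('password');
$refer    = req_string('refer');

// make sure caches are clean
clear_permission_cache();

// Login cookies are present but no credentials were submitted -> treat the
// request as a logout: drop the session and return to the login form.
if (!isset($username) && !isset($password) &&
    isset($_COOKIE['VDBusername']) && isset($_COOKIE['VDBpassword']))
{
    clear_session();
    redirect('login.php?error='.urlencode($lang['msg_loggedoff']));
}

// login not yet successful
$login = false;

// Only attempt authentication when both fields were filled in
if (!empty($username) && !empty($password))
{
    // NOTE(review): this pattern only requires one ASCII letter somewhere in
    // the name. It is not a whitelist, so quotes and other SQL metacharacters
    // pass this check unchanged.
    if (!preg_match('/[a-z]/i', $username))
    {
        $error = $lang['msg_invalidchar'];
    }
    else
    {
        // SECURITY: $username is request input interpolated into the SQL text.
        // Unless req_string() or runSQL() escapes it (not visible in this
        // file - confirm), this is SQL injection on the unauthenticated login
        // path. Bind the value as a parameter or escape it with the database
        // layer's own escaping routine before building the query.
        $res = runSQL("SELECT passwd, id FROM ".TBL_USERS." WHERE name='$username'");

        // No matching row means there is no stored hash to compare against;
        // guard the lookup instead of indexing a missing row.
        $stored = isset($res[0]['passwd']) ? $res[0]['passwd'] : null;

        // Strict comparison: with loose ==, two numeric-looking strings are
        // compared as numbers, so different hashes could be treated as equal.
        // NOTE(review): unsalted MD5 is not a suitable password hash; moving
        // to password_hash()/password_verify() needs a migration of the
        // stored values. hash_equals() would also make the compare
        // constant-time where the runtime provides it.
        if (is_string($stored) && md5($password) === $stored)
        {
            $userid = $res[0]['id'];
            // NOTE(review): $permanent is not assigned anywhere in this file;
            // presumably it is populated by core/functions.php - confirm.
            login_as($userid, $permanent);
            $login = true;
        }
        else
        {
            $error = $lang['msg_loginfailed'];
        }
    }
}

if ($login)
{
    if (empty($refer)) $refer = 'index.php';
    // NOTE(review): $refer comes straight from the request. Unless redirect()
    // restricts its target (not visible here), this allows redirecting to an
    // arbitrary site after login; restrict it to same-site relative paths.
    redirect(urldecode($refer));
}
else
{
    // prepare templates
    tpl_page('multiuser');
    // NOTE(review): $error is only assigned on the failure branches above; on
    // a plain page load it must come from elsewhere (presumably the request,
    // see the ?error= redirect above). Confirm login.tpl escapes both values.
    $smarty->assign('error', $error);
    $smarty->assign('refer', $refer);

    // display templates
    tpl_display('login.tpl');
}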