3 UserCake Version: 2.0.2
\r
//Pull in models/config.php; every helper called in this file (securePage, isUserLoggedIn, ...) is defined outside this listing.
7 require_once("models/config.php");
\r
//Abort with an empty response when securePage() rejects the current script path.
//NOTE(review): $_SERVER['PHP_SELF'] includes any client-supplied trailing path info, so securePage()
//should normalise it before treating it as a page name - confirm in its definition.
8 if (!securePage($_SERVER['PHP_SELF'])){die();}
\r
10 //Prevent the user visiting the logged in page if he/she is already logged in
\r
//die() right after header() stops the rest of the script from running once the redirect is queued.
11 if(isUserLoggedIn()) { header("Location: index.php"); die(); }
\r
//Read the submitted credentials: the username is trimmed and passed through sanitize(), the password is only trimmed.
//NOTE(review): the check that a form was actually posted is not visible in this listing - confirm these reads cannot run on a plain GET.
//NOTE(review): sanitize() is defined elsewhere; do not assume it makes the value safe for SQL or HTML without reading it.
17 $username = sanitize(trim($_POST["username"]));
\r
18 $password = trim($_POST["password"]);
\r
20 //Perform some validation
\r
21 //Feel free to edit / change as required
\r
//The conditions guarding the next two messages are on lines this listing omits; presumably they test for empty input - confirm.
24 $errors[] = lang("ACCOUNT_SPECIFY_USERNAME");
\r
28 $errors[] = lang("ACCOUNT_SPECIFY_PASSWORD");
\r
//Only attempt authentication when validation produced no errors.
31 if(count($errors) == 0)
\r
33 //A security note here, never tell the user which credential was incorrect
\r
34 if(!usernameExists($username))
\r
36 $errors[] = lang("ACCOUNT_USER_OR_PASS_INVALID");
\r
40 $userdetails = fetchUserDetails($username);
\r
41 //See if the user's account is activated
\r
//NOTE(review): in the visible lines the ACCOUNT_INACTIVE message is produced before the password is checked, so it
//confirms to an unauthenticated visitor that the username exists. That contradicts the note above; verify the
//password first, or return ACCOUNT_USER_OR_PASS_INVALID here as well.
42 if($userdetails["active"]==0)
\r
44 $errors[] = lang("ACCOUNT_INACTIVE");
\r
48 //Hash the password and use the salt from the database to compare the password.
\r
//NOTE(review): generateHash() is defined elsewhere; confirm it is a deliberately slow password hash
//(password_hash()/password_verify() class) and not a single fast digest.
49 $entered_pass = generateHash($password,$userdetails["password"]);
\r
//Keep the debug line below disabled: it would print the stored password hash into the page.
51 //echo "".$userdetails["password"]; //Wut is dis
\r
//NOTE(review): != is a loose, non-constant-time comparison. PHP compares numeric-looking strings as numbers, so two
//different hash strings can be treated as equal; use !hash_equals($userdetails["password"], $entered_pass) (PHP 5.6+).
53 if($entered_pass != $userdetails["password"])
\r
55 //Again, we know the password is at fault here, but let's not give away the combination in case someone is brute-forcing
\r
56 $errors[] = lang("ACCOUNT_USER_OR_PASS_INVALID");
\r
60 //Passwords match! We're good to go
\r
62 //Construct a new logged in user object
\r
63 //Transfer some db data to the session object
\r
64 $loggedInUser = new loggedInUser();
\r
65 $loggedInUser->email = $userdetails["email"];
\r
66 $loggedInUser->user_id = $userdetails["id"];
\r
//NOTE(review): this copies the stored password hash into the object that is written to $_SESSION["userCakeUser"] below,
//so the hash ends up in session storage; confirm something actually needs it there.
67 $loggedInUser->hash_pw = $userdetails["password"];
\r
68 $loggedInUser->title = $userdetails["title"];
\r
69 $loggedInUser->displayname = $userdetails["display_name"];
\r
70 $loggedInUser->username = $userdetails["user_name"];
\r
72 //Only allow login to admins
\r
//checkPermission() receives the one-element list array(2); presumably 2 is the administrator permission id - confirm against the permissions table.
73 if ($loggedInUser->checkPermission(array(2)))
\r
75 //Update last sign in
\r
76 $loggedInUser->updateLastSignIn();
\r
//NOTE(review): no session_regenerate_id(true) call is visible before the authenticated user is stored in the session.
//Unless an omitted line or a helper already does it, add one here to prevent session fixation.
78 $_SESSION["userCakeUser"] = $loggedInUser;
\r
80 //Redirect to user account page
\r
//NOTE(review): confirm a die()/exit follows this header() on the line the listing omits; otherwise the script keeps running after the redirect.
81 header("Location: index.php");
\r
//NOTE(review): this branch is reached only after the password matched, so the distinct message confirms valid
//credentials for a non-admin account. It also bypasses lang(); prefer lang("ACCOUNT_USER_OR_PASS_INVALID").
86 $errors[] = ("You are no admin :(");
\r
//Render the page: shared header first, then the notice widget and the login form markup.
//NOTE(review): the form below concatenates $_SERVER["PHP_SELF"] into its action attribute unescaped. PHP_SELF reflects
//client-supplied path info, so wrap it in htmlspecialchars($_SERVER["PHP_SELF"], ENT_QUOTES, 'UTF-8') or use a fixed action.
//NOTE(review): no anti-CSRF token field is visible in the form; confirm whether an omitted line adds one.
94 require_once("models/header.php");
\r
98 <div id="login-container">
\r
99 <div class="widget">
\r
100 <div class="title">Notice</div>
\r
101 This is the login page for site administration.<br>If you wish to log in
\r
102 to the main web-site, see <a href="#">here instead</a>.
\r
104 <div class="widget">
\r
105 <form id="login" name="login" action="'.$_SERVER["PHP_SELF"].'" method="post">
\r
109 <input name="username" type="text">
\r
115 <input name="password" type="password">
\r
118 <p style="float:left; margin:0;">
\r
119 <a href="forgot-password.php">Forgotten password?</a><br>
\r
120 <a href="register.php">Register</a>
\r
122 <p style="float:right; margin:0;">
\r
123 <input type="submit" value="Log In">
\r
//Print the collected error and success messages via resultBlock().
//NOTE(review): $successes is never assigned in the visible lines, and $errors is only appended to; confirm both are initialised on every request path.
126 echo resultBlock($errors,$successes);
\r