if (!securePage($_SERVER['PHP_SELF'])){die();}\r
\r
//Prevent the user visiting the logged in page if he/she is already logged in\r
-if(isUserLoggedIn()) { header("Location: account.php"); die(); }\r
+if(isUserLoggedIn()) { header("Location: index.php"); die(); }\r
\r
//Forms posted\r
if(!empty($_POST))\r
//Hash the password and use the salt from the database to compare the password.\r
$entered_pass = generateHash($password,$userdetails["password"]);\r
\r
- echo "".$userdetails["password"];\r
+ //echo "".$userdetails["password"]; //Wut is dis\r
\r
if($entered_pass != $userdetails["password"])\r
{\r
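Review bot: The debug statement that printed the stored password hash is only commented out at the `//echo "".$userdetails["password"];` line; it should be deleted outright so it cannot be re-enabled by accident and send the hash in a response body. The comparison directly below still uses loose `!=` on two hash strings, which is open to PHP type juggling on numeric-looking values and is not constant-time. `if (!hash_equals($userdetails["password"], $entered_pass))` would address both. The enclosing `if(!empty($_POST))` block starts and ends outside this hunk, so the origin of `$password` and `$userdetails` is not visible here.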
$loggedInUser->displayname = $userdetails["display_name"];\r
$loggedInUser->username = $userdetails["user_name"];\r
\r
- //Update last sign in\r
- $loggedInUser->updateLastSignIn();\r
- $_SESSION["userCakeUser"] = $loggedInUser;\r
- \r
- //Redirect to user account page\r
- header("Location: account.php");\r
- die();\r
+ //Only allow login to admins\r
+ if ($loggedInUser->checkPermission(array(2)))\r
+ {\r
+ //Update last sign in\r
+ $loggedInUser->updateLastSignIn();\r
+ \r
+ $_SESSION["userCakeUser"] = $loggedInUser;\r
+ \r
+ //Redirect to user account page\r
+ header("Location: index.php");\r
+ die();\r
+ }\r
+ else\r
+ {\r
+ $errors[] = ("You are no admin :(");\r
+ }\r
}\r
}\r
}\r
}\r
\r
require_once("models/header.php");\r
+startPage();\r
\r
-echo "\r
-<body>\r
-<div id='wrapper'>\r
-<div id='top'><div id='logo'></div></div>\r
-<div id='content'>\r
-<h1>UserCake</h1>\r
-<h2>Login</h2>\r
-<div id='left-nav'>";\r
-\r
-include("left-nav.php");\r
-\r
-echo "\r
-</div>\r
-<div id='main'>";\r
-\r
+echo '\r
+ <div id="login-container">\r
+ <div class="widget">\r
+ <div class="title">Notice</div>\r
+ This is the login page for site administration.<br>If you wish to log in\r
+ to the main web-site, see <a href="..">here instead</a>.\r
+ </div>\r
+ <div class="widget">\r
+ <form id="login" name="login" action="'.$_SERVER["PHP_SELF"].'" method="post">\r
+ <p>\r
+ <label>\r
+ Username<br>\r
+ <input name="username" type="text">\r
+ </label>\r
+ </p>\r
+ <p>\r
+ <label>\r
+ Password<br>\r
+ <input name="password" type="password">\r
+ </label> \r
+ </p>\r
+ <p style="float:left; margin:0;">\r
+ <a href="forgot-password.php">Forgotten password?</a><br>\r
+ <a href="register.php">Register</a>\r
+ </p>\r
+ <p style="float:right; margin:0;">\r
+ <input type="submit" value="Log In">\r
+ </p>\r
+';\r
echo resultBlock($errors,$successes);\r
+echo '\r
+ </form>\r
+ </div>\r
+ </div>\r
+ ';\r
\r
-echo "\r
-<div id='regbox'>\r
-<form name='login' action='".$_SERVER['PHP_SELF']."' method='post'>\r
-<p>\r
-<label>Username:</label>\r
-<input type='text' name='username' />\r
-</p>\r
-<p>\r
-<label>Password:</label>\r
-<input type='password' name='password' />\r
-</p>\r
-<p>\r
-<label> </label>\r
-<input type='submit' value='Login' class='submit' />\r
-</p>\r
-</form>\r
-</div>\r
-</div>\r
-<div id='bottom'></div>\r
-</div>\r
-</body>\r
-</html>";\r
+finishPage();\r
\r
?>\r
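Review bot: The new form line `action="'.$_SERVER["PHP_SELF"].'"` carries over the old form's unescaped use of the request path inside an HTML attribute, which leaves the admin login page open to reflected markup injection. Emitting `action="'.htmlspecialchars($_SERVER["PHP_SELF"], ENT_QUOTES, "UTF-8").'"`, or an empty `action`, closes that. In the admin-only branch, `$errors[] = ("You are no admin :(");` appears to be reached only after the password comparison has succeeded, so the message confirms that the submitted credentials are valid for a non-admin account. Returning the same error as the failed-password branch (not visible in this hunk) and logging the denied attempt server-side would avoid that oracle. `checkPermission(array(2))` hard-codes the admin permission id, so a named constant or a short comment such as `// 2 = administrator permission level` would make the gate auditable.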