+++ /dev/null
-<?php\r
-/*\r
-UserCake Version: 2.0.2\r
-http://usercake.com\r
-*/\r
-\r
-require_once("models/config.php");\r
-if (!securePage($_SERVER['PHP_SELF'])){die();}\r
-\r
-//Prevent the user visiting the logged in page if he/she is already logged in\r
-if(isUserLoggedIn()) { header("Location: account.php"); die(); }\r
-\r
-//Forms posted\r
-if(!empty($_POST))\r
-{\r
- $errors = array();\r
- $username = sanitize(trim($_POST["username"]));\r
- $password = trim($_POST["password"]);\r
- \r
- //Perform some validation\r
- //Feel free to edit / change as required\r
- if($username == "")\r
- {\r
- $errors[] = lang("ACCOUNT_SPECIFY_USERNAME");\r
- }\r
- if($password == "")\r
- {\r
- $errors[] = lang("ACCOUNT_SPECIFY_PASSWORD");\r
- }\r
-\r
- if(count($errors) == 0)\r
- {\r
- //A security note here, never tell the user which credential was incorrect\r
- if(!usernameExists($username))\r
- {\r
- $errors[] = lang("ACCOUNT_USER_OR_PASS_INVALID");\r
- }\r
- else\r
- {\r
- $userdetails = fetchUserDetails($username);\r
- //See if the user's account is activated\r
- if($userdetails["active"]==0)\r
- {\r
- $errors[] = lang("ACCOUNT_INACTIVE");\r
- }\r
- else\r
- {\r
- //Hash the password and use the salt from the database to compare the password.\r
- $entered_pass = generateHash($password,$userdetails["password"]);\r
-\r
- echo "".$userdetails["password"];\r
- \r
- if($entered_pass != $userdetails["password"])\r
- {\r
- //Again, we know the password is at fault here, but lets not give away the combination incase of someone bruteforcing\r
- $errors[] = lang("ACCOUNT_USER_OR_PASS_INVALID");\r
- }\r
- else\r
- {\r
- //Passwords match! we're good to go'\r
- \r
- //Construct a new logged in user object\r
- //Transfer some db data to the session object\r
- $loggedInUser = new loggedInUser();\r
- $loggedInUser->email = $userdetails["email"];\r
- $loggedInUser->user_id = $userdetails["id"];\r
- $loggedInUser->hash_pw = $userdetails["password"];\r
- $loggedInUser->title = $userdetails["title"];\r
- $loggedInUser->displayname = $userdetails["display_name"];\r
- $loggedInUser->username = $userdetails["user_name"];\r
- \r
- //Update last sign in\r
- $loggedInUser->updateLastSignIn();\r
- $_SESSION["userCakeUser"] = $loggedInUser;\r
- \r
- //Redirect to user account page\r
- header("Location: account.php");\r
- die();\r
- }\r
- }\r
- }\r
- }\r
-}\r
-\r
-require_once("models/header.php");\r
-\r
-echo "\r
-<body>\r
-<div id='wrapper'>\r
-<div id='top'><div id='logo'></div></div>\r
-<div id='content'>\r
-<h1>UserCake</h1>\r
-<h2>Login</h2>\r
-<div id='left-nav'>";\r
-\r
-include("left-nav.php");\r
-\r
-echo "\r
-</div>\r
-<div id='main'>";\r
-\r
-echo resultBlock($errors,$successes);\r
-\r
-echo "\r
-<div id='regbox'>\r
-<form name='login' action='".$_SERVER['PHP_SELF']."' method='post'>\r
-<p>\r
-<label>Username:</label>\r
-<input type='text' name='username' />\r
-</p>\r
-<p>\r
-<label>Password:</label>\r
-<input type='password' name='password' />\r
-</p>\r
-<p>\r
-<label> </label>\r
-<input type='submit' value='Login' class='submit' />\r
-</p>\r
-</form>\r
-</div>\r
-</div>\r
-<div id='bottom'></div>\r
-</div>\r
-</body>\r
-</html>";\r
-\r
-?>\r