testing/MCTXWeb/public_html/users/login.php

   1 <?php\r
   2 /*\r
   3 UserCake Version: 2.0.2\r
   4 http://usercake.com\r
   5 */\r
   6 \r
   7 require_once("models/config.php");\r
   8 if (!securePage($_SERVER['PHP_SELF'])){die();}\r
   9 \r
  10 //Prevent the user visiting the logged in page if he/she is already logged in\r
  11 if(isUserLoggedIn()) { header("Location: index.php"); die(); }\r
  12 \r
  13 //Forms posted\r
  14 if(!empty($_POST))\r
  15 {\r
  16         $errors = array();\r
  17         $username = sanitize(trim($_POST["username"]));\r
  18         $password = trim($_POST["password"]);\r
  19         \r
  20         //Perform some validation\r
  21         //Feel free to edit / change as required\r
  22         if($username == "")\r
  23         {\r
  24                 $errors[] = lang("ACCOUNT_SPECIFY_USERNAME");\r
  25         }\r
  26         if($password == "")\r
  27         {\r
  28                 $errors[] = lang("ACCOUNT_SPECIFY_PASSWORD");\r
  29         }\r
  30 \r
  31         if(count($errors) == 0)\r
  32         {\r
  33                 //A security note here, never tell the user which credential was incorrect\r
  34                 if(!usernameExists($username))\r
  35                 {\r
  36                         $errors[] = lang("ACCOUNT_USER_OR_PASS_INVALID");\r
  37                 }\r
  38                 else\r
  39                 {\r
  40                         $userdetails = fetchUserDetails($username);\r
  41                         //See if the user's account is activated\r
  42                         if($userdetails["active"]==0)\r
  43                         {\r
  44                                 $errors[] = lang("ACCOUNT_INACTIVE");\r
  45                         }\r
  46                         else\r
  47                         {\r
  48                                 //Hash the password and use the salt from the database to compare the password.\r
  49                                 $entered_pass = generateHash($password,$userdetails["password"]);\r
  50 \r
  51                                 //echo "".$userdetails["password"]; //Wut is dis\r
  52                                 \r
  53                                 if($entered_pass != $userdetails["password"])\r
  54                                 {\r
  55                                         //Again, we know the password is at fault here, but lets not give away the combination incase of someone bruteforcing\r
  56                                         $errors[] = lang("ACCOUNT_USER_OR_PASS_INVALID");\r
  57                                 }\r
  58                                 else\r
  59                                 {\r
  60                                         //Passwords match! we're good to go'\r
  61                                         \r
  62                                         //Construct a new logged in user object\r
  63                                         //Transfer some db data to the session object\r
  64                                         $loggedInUser = new loggedInUser();\r
  65                                         $loggedInUser->email = $userdetails["email"];\r
  66                                         $loggedInUser->user_id = $userdetails["id"];\r
  67                                         $loggedInUser->hash_pw = $userdetails["password"];\r
  68                                         $loggedInUser->title = $userdetails["title"];\r
  69                                         $loggedInUser->displayname = $userdetails["display_name"];\r
  70                                         $loggedInUser->username = $userdetails["user_name"];\r
  71                                         \r
  72           //Only allow login to admins\r
  73           if ($loggedInUser->checkPermission(array(2)))\r
  74           {\r
  75             //Update last sign in\r
  76             $loggedInUser->updateLastSignIn();\r
  77             \r
  78             $_SESSION["userCakeUser"] = $loggedInUser;\r
  79             \r
  80             //Redirect to user account page\r
  81             header("Location: index.php");\r
  82             die();\r
  83           }\r
  84           else\r
  85           {\r
  86             $errors[] = ("You are no admin :(");\r
  87           }\r
  88                                 }\r
  89                         }\r
  90                 }\r
  91         }\r
  92 }\r
  93 \r
  94 require_once("models/header.php");\r
  95 startPage();\r
  96 \r
  97 echo '\r
  98       <div id="login-container">\r
  99       <div class="widget">\r
 100         <div class="title">Notice</div>\r
 101         This is the login page for site administration.<br>If you wish to log in\r
 102         to the main web-site, see <a href="#">here instead</a>.\r
 103       </div>\r
 104        <div class="widget">\r
 105            <form id="login" name="login" action="'.$_SERVER["PHP_SELF"].'" method="post">\r
 106              <p>\r
 107                <label>\r
 108                  Username<br>\r
 109                  <input name="username" type="text">\r
 110                </label>\r
 111              </p>\r
 112              <p>\r
 113                <label>\r
 114                  Password<br>\r
 115                  <input name="password" type="password">\r
 116                </label>             \r
 117              </p>\r
 118              <p style="float:left; margin:0;">\r
 119                <a href="forgot-password.php">Forgotten password?</a>\r
 120              </p>\r
 121              <p style="float:right; margin:0;">\r
 122                <input type="submit" value="Log In">\r
 123              </p>\r
 124 ';\r
 125 echo resultBlock($errors,$successes);\r
 126 echo '\r
 127             </form>\r
 128        </div>\r
 129       </div>\r
 130  ';\r
 131 \r
 132 finishPage();\r
 133 \r
 134 ?>\r