Nicen the rego form and add back the change password form

[matches/MCTX3420.git] / testing / MCTXWeb / public_html / users / login.php

diff --git a/testing/MCTXWeb/public_html/users/login.php b/testing/MCTXWeb/public_html/users/login.php
index f0168da..95b22a4 100644 (file)
--- a/testing/MCTXWeb/public_html/users/login.php
+++ b/testing/MCTXWeb/public_html/users/login.php
@@ -8,7 +8,7 @@ require_once("models/config.php");
 if (!securePage($_SERVER['PHP_SELF'])){die();}\r
 \r
 //Prevent the user visiting the logged in page if he/she is already logged in\r
-if(isUserLoggedIn()) { header("Location: account.php"); die(); }\r
+if(isUserLoggedIn()) { header("Location: index.php"); die(); }\r
 \r
 //Forms posted\r
 if(!empty($_POST))\r
@@ -47,6 +47,8 @@ if(!empty($_POST))
                        {\r
                                //Hash the password and use the salt from the database to compare the password.\r
                                $entered_pass = generateHash($password,$userdetails["password"]);\r
+\r
+                               //echo "".$userdetails["password"]; //Wut is dis\r
                                \r
                                if($entered_pass != $userdetails["password"])\r
                                {\r
@@ -67,13 +69,22 @@ if(!empty($_POST))
                                        $loggedInUser->displayname = $userdetails["display_name"];\r
                                        $loggedInUser->username = $userdetails["user_name"];\r
                                        \r
-                                       //Update last sign in\r
-                                       $loggedInUser->updateLastSignIn();\r
-                                       $_SESSION["userCakeUser"] = $loggedInUser;\r
-                                       \r
-                                       //Redirect to user account page\r
-                                       header("Location: account.php");\r
-                                       die();\r
+          //Only allow login to admins\r
+          if ($loggedInUser->checkPermission(array(2)))\r
+          {\r
+            //Update last sign in\r
+            $loggedInUser->updateLastSignIn();\r
+            \r
+            $_SESSION["userCakeUser"] = $loggedInUser;\r
+            \r
+            //Redirect to user account page\r
+            header("Location: index.php");\r
+            die();\r
+          }\r
+          else\r
+          {\r
+            $errors[] = ("You are no admin :(");\r
+          }\r
                                }\r
                        }\r
                }\r
@@ -81,45 +92,44 @@ if(!empty($_POST))
 }\r
 \r
 require_once("models/header.php");\r
+startPage();\r
 \r
-echo "\r
-<body>\r
-<div id='wrapper'>\r
-<div id='top'><div id='logo'></div></div>\r
-<div id='content'>\r
-<h1>UserCake</h1>\r
-<h2>Login</h2>\r
-<div id='left-nav'>";\r
-\r
-include("left-nav.php");\r
-\r
-echo "\r
-</div>\r
-<div id='main'>";\r
-\r
+echo '\r
+      <div id="login-container">\r
+      <div class="widget">\r
+        <div class="title">Notice</div>\r
+        This is the login page for site administration.<br>If you wish to log in\r
+        to the main web-site, see <a href="#">here instead</a>.\r
+      </div>\r
+       <div class="widget">\r
+           <form id="login" name="login" action="'.$_SERVER["PHP_SELF"].'" method="post">\r
+             <p>\r
+               <label>\r
+                 Username<br>\r
+                 <input name="username" type="text">\r
+               </label>\r
+             </p>\r
+             <p>\r
+               <label>\r
+                 Password<br>\r
+                 <input name="password" type="password">\r
+               </label>             \r
+             </p>\r
+             <p style="float:left; margin:0;">\r
+               <a href="forgot-password.php">Forgotten password?</a><br>\r
+               <a href="register.php">Register</a>\r
+             </p>\r
+             <p style="float:right; margin:0;">\r
+               <input type="submit" value="Log In">\r
+             </p>\r
+';\r
 echo resultBlock($errors,$successes);\r
+echo '\r
+            </form>\r
+       </div>\r
+      </div>\r
+ ';\r
 \r
-echo "\r
-<div id='regbox'>\r
-<form name='login' action='".$_SERVER['PHP_SELF']."' method='post'>\r
-<p>\r
-<label>Username:</label>\r
-<input type='text' name='username' />\r
-</p>\r
-<p>\r
-<label>Password:</label>\r
-<input type='password' name='password' />\r
-</p>\r
-<p>\r
-<label>&nbsp;</label>\r
-<input type='submit' value='Login' class='submit' />\r
-</p>\r
-</form>\r
-</div>\r
-</div>\r
-<div id='bottom'></div>\r
-</div>\r
-</body>\r
-</html>";\r
+finishPage();\r
 \r
 ?>\r