login.php

   1 <?php
   2 /*=====================================================================*\
   3 || ################################################################### ||
   4 || # Renapsus [#]version[#]
   5 || # --------------------------------------------------------------- # ||
   6 || # All parts of this file are ©2002-[#]year[#] Iris Studios, Inc. No     # ||
   7 || # part of this file may be reproduced in any way: part or whole.  # ||
   8 || # --------------------------------------------------------------- # ||
   9 || # ©2002 - [#]year[#] Iris Studios, Inc. | http://www.iris-studios.com   # ||
  10 || ################################################################### ||
  11 \*=====================================================================*/
  12
  13 $fetchtemplates = array(
  14         'login'
  15 );
  16
  17 require_once('./global.php');
  18
  19 // ###################################################################
  20
  21 if ($bugsys->userinfo['userid'] AND $_REQUEST['do'] != 'logout' AND $_POST['do'] != 'cplogin')
  22 {
  23         echo 'You are already logged in.';
  24         exit;
  25 }
  26
  27 // ###################################################################
  28
  29 if (empty($_REQUEST['do']))
  30 {
  31         eval('$tpl->flush("' . $tpl->fetch('login') . '");');
  32 }
  33
  34 // ###################################################################
  35
  36 if ($_POST['do'] == 'login' OR $_POST['do'] == 'cplogin')
  37 {
  38         sanitize(array('email' => STR_NOHTML, 'password' => STR, 'rememberme' => INT));
  39
  40         if ($_POST['cplogin'])
  41         {
  42                 $vars['rememberme'] = 0;
  43         }
  44
  45         if ($_SERVER['HTTP_REFERER'] AND !$_POST['goindex'])
  46         {
  47                 $url = $_SERVER['HTTP_REFERER'];
  48         }
  49         else
  50         {
  51                 $url = 'index.php';
  52         }
  53
  54         $userinfo = $DB_sql->query_first("SELECT * FROM user WHERE email = '" . addslasheslike($vars['email']) . "'");
  55         if (md5(md5($vars['password']) . md5($userinfo['salt'])) == $userinfo['password'])
  56         {
  57                 mysetcookie(COOKIE_PREFIX . 'userid', $userinfo['userid'], $vars['rememberme']);
  58                 mysetcookie(COOKIE_PREFIX . 'authkey', $userinfo['authkey'], $vars['rememberme']);
  59         }
  60         else
  61         {
  62                 mysetcookie(COOKIE_PREFIX . 'userid');
  63                 mysetcookie(COOKIE_PREFIX . 'authkey');
  64                 echo 'Invalid email or password.';
  65                 exit;
  66         }
  67
  68         if ($_POST['do'] == 'cplogin')
  69         {
  70                 mysetcookie(COOKIE_PREFIX . 'adminsession', md5(md5($userinfo['authkey']) . md5($userinfo['email']) . md5($userinfo['userid'])), false);
  71         }
  72
  73         echo 'You are now logged in :-)';
  74
  75         header("Location: $url");
  76 }
  77
  78 // ###################################################################
  79
  80 if ($_REQUEST['do'] == 'logout')
  81 {
  82         if ($bugsys->userinfo['userid'])
  83         {
  84                 mysetcookie(COOKIE_PREFIX . 'userid');
  85                 mysetcookie(COOKIE_PREFIX . 'authkey');
  86         }
  87         else
  88         {
  89                 echo 'You need to be logged in!';
  90         }
  91 }
  92
  93 /*=====================================================================*\
  94 || ###################################################################
  95 || # $HeadURL$
  96 || # $Id$
  97 || ###################################################################
  98 \*=====================================================================*/
  99 ?>