r35: Presentation code moved out of PHP files and into templates. Error and stop...
[bugdar.git] / login.php
1 <?php
2 /*=====================================================================*\
3 || ################################################################### ||
4 || # Renapsus [#]version[#]
5 || # --------------------------------------------------------------- # ||
6 || # All parts of this file are ©2003-[#]year[#] Iris Studios, Inc. No # ||
7 || # part of this file may be reproduced in any way: part or whole. # ||
8 || # --------------------------------------------------------------- # ||
9 || # ©2003 - [#]year[#] Iris Studios, Inc. | http://www.iris-studios.com # ||
10 || ################################################################### ||
11 \*=====================================================================*/
12
// Templates this page needs. The list is assigned before global.php is included.
// NOTE(review): presumably global.php reads $fetchtemplates to preload them -- confirm there.
$fetchtemplates = array('login');
16
17 require_once('./global.php');
18
19 // ###################################################################
20
// A visitor who already has a user id gets a short notice and the script stops,
// unless the request is a logout or a control-panel login POST.
// NOTE(review): $bugsys->userinfo is not populated in this file; presumably global.php
// fills it from the login cookies -- confirm there.
if ($bugsys->userinfo['userid'] && $_REQUEST['do'] != 'logout' && $_POST['do'] != 'cplogin') {
	echo 'You are already logged in.';
	exit;
}
26
27 // ###################################################################
28
// No action requested: render the login form.
// The fetched template text is spliced into a double-quoted PHP string literal and
// executed with eval(). Anything in that text that is not escaped for such a string
// runs as code, so templates must come from a trusted store and must never carry
// request data verbatim.
// NOTE(review): how $tpl->fetch() escapes template text is not visible in this file -- confirm.
if (empty($_REQUEST['do'])) {
	eval('$tpl->flush("' . $tpl->fetch('login') . '");');
}
33
34 // ###################################################################
35
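// Handles the login form POST ('login') and the control-panel login POST ('cplogin'):
// looks the user up by e-mail, checks the salted password hash, sets the login
// cookies and redirects.
// NOTE(review): $vars is presumably filled by sanitize() from the request using the
// type map passed below; neither is defined in this file -- confirm in global.php.
if ($_POST['do'] == 'login' OR $_POST['do'] == 'cplogin')
{
	sanitize(array('email' => STR_NOHTML, 'password' => STR, 'rememberme' => INT));

	// NOTE(review): this tests a POST field named 'cplogin', while the branches around it
	// test $_POST['do'] == 'cplogin' -- confirm which one is intended.
	// !empty() keeps the same truthiness test without an undefined-index notice.
	if (!empty($_POST['cplogin']))
	{
		$vars['rememberme'] = 1;
	}

	if (!empty($_POST['goindex']))
	{
		$_SERVER['HTTP_REFERER'] = '';
	}

	// The Referer header is chosen by the client. It is used as the post-login
	// destination only when it is a plain http(s) URL on the host that served this
	// request; anything else falls back to the index page, so the login form cannot
	// be used to bounce a freshly authenticated user to another site.
	$url = 'index.php';
	if (!empty($_SERVER['HTTP_REFERER']) AND !empty($_SERVER['HTTP_HOST']) AND !preg_match('/[\x00-\x20\\\\]/', $_SERVER['HTTP_REFERER']))
	{
		$refparts = parse_url($_SERVER['HTTP_REFERER']);
		$refhost = '';
		if (is_array($refparts) AND isset($refparts['scheme']) AND isset($refparts['host']) AND !isset($refparts['user']) AND in_array(strtolower($refparts['scheme']), array('http', 'https')))
		{
			// HTTP_HOST carries the port when it is not the default, so rebuild host[:port].
			$refhost = $refparts['host'] . (isset($refparts['port']) ? ':' . $refparts['port'] : '');
		}
		if ($refhost != '' AND strcasecmp($refhost, $_SERVER['HTTP_HOST']) == 0)
		{
			$url = $_SERVER['HTTP_REFERER'];
		}
	}

	// NOTE(review): the query is built by string concatenation and depends entirely on
	// addslasheslike() (defined elsewhere) producing a value that is safe inside a quoted
	// SQL literal for the connection's character set. If the database layer offers
	// connection-aware escaping or bound parameters, use that here instead.
	$userinfo = $DB_sql->query_first("SELECT * FROM user WHERE email = '" . addslasheslike($vars['email']) . "'");

	// No matching row, or a row without a stored hash, can never authenticate.
	$storedhash = isset($userinfo['password']) ? (string)$userinfo['password'] : '';

	// Strict comparison: with ==, two hex digests that both look like numbers
	// (e.g. "0e" followed only by digits) compare equal as floats even though the strings differ.
	// Where available, hash_equals() is preferable because it also runs in constant time.
	// NOTE(review): salted double-MD5 is cheap to brute-force; moving to
	// password_hash()/password_verify() needs a stored-hash migration and is not done here.
	if ($storedhash !== '' AND md5(md5($vars['password']) . md5($userinfo['salt'])) === $storedhash)
	{
		// NOTE(review): the third argument is presumably the "remember me" persistence
		// flag of mysetcookie() -- confirm in its definition.
		mysetcookie(COOKIE_PREFIX . 'userid', $userinfo['userid'], $vars['rememberme']);
		mysetcookie(COOKIE_PREFIX . 'authkey', $userinfo['authkey'], $vars['rememberme']);
	}
	else
	{
		// Same message for an unknown e-mail and a wrong password, so the response
		// does not reveal which accounts exist.
		mysetcookie(COOKIE_PREFIX . 'userid');
		mysetcookie(COOKIE_PREFIX . 'authkey');
		echo 'Invalid email or password.';
		exit;
	}

	if ($_POST['do'] == 'cplogin')
	{
		// The cookie value is derived only from fields of the user row, so it is the
		// same on every login and stays valid for as long as those fields do.
		// NOTE(review): no privilege check is visible before this cookie is issued;
		// presumably the control panel verifies admin rights itself -- confirm.
		mysetcookie(COOKIE_PREFIX . 'adminsession', md5(md5($userinfo['authkey']) . md5($userinfo['email']) . md5($userinfo['userid'])));
	}

	// Send the redirect before any body output: with output buffering off, echoing
	// first makes header() fail and the redirect is lost. Stop afterwards so no
	// later section of the script runs on a request that is already answered.
	header("Location: $url");
	echo 'You are now logged in :-)';
	exit;
}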
82
83 // ###################################################################
84
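// Logout: clears the login cookies of a signed-in user.
// NOTE(review): the action is read from $_REQUEST, so a plain link or cross-site GET is
// enough to sign a user out; consider requiring POST plus a per-user token.
// NOTE(review): only the browser's cookies are cleared here; nothing visible in this file
// changes the stored authkey, so a copied authkey cookie presumably stays usable -- confirm.
if (isset($_REQUEST['do']) AND $_REQUEST['do'] == 'logout')
{
	if ($bugsys->userinfo['userid'])
	{
		// mysetcookie() with only a name is the call the failed-login branch uses to
		// drop a cookie; presumably it expires it -- confirm in its definition.
		mysetcookie(COOKIE_PREFIX . 'userid');
		mysetcookie(COOKIE_PREFIX . 'authkey');
		// The control-panel login also issues an 'adminsession' cookie; drop it too so
		// it does not outlive the session it was issued for.
		mysetcookie(COOKIE_PREFIX . 'adminsession');
	}
	else
	{
		echo 'You need to be logged in!';
	}
}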
97
98 /*=====================================================================*\
99 || ###################################################################
100 || # $HeadURL$
101 || # $Id$
102 || ###################################################################
103 \*=====================================================================*/
104 ?>