userinfo['userid'] AND $_REQUEST['do'] != 'logout' AND $_POST['do'] != 'cplogin') { echo 'You are already logged in.'; exit; } // ################################################################### if (empty($_REQUEST['do'])) { echo << Email:
Password:
Remember Me: Yes
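EOF;
}

// ###################################################################
// Login handler, shared by the regular login form and the control-panel
// ("cplogin") form. On success it sets the userid/authkey cookies and
// redirects; on failure it clears them and stops.

if ($_POST['do'] == 'login' OR $_POST['do'] == 'cplogin')
{
    // sanitize() is a project helper; the cleaned values are read from $vars below.
    sanitize(array('email' => STR_NOHTML, 'password' => STR, 'rememberme' => INT));

    if ($_POST['cplogin'])
    {
        $vars['rememberme'] = 1;
    }

    if ($_POST['goindex'])
    {
        $_SERVER['HTTP_REFERER'] = '';
    }

    // The Referer header is supplied by the client, so it is only used as the
    // post-login redirect target when it is an http(s) URL on the host that
    // served this request and contains no line breaks. Anything else falls
    // back to index.php, which keeps a cross-site form post from bouncing the
    // user to another origin straight after authentication.
    $url = 'index.php';
    if (!empty($_SERVER['HTTP_REFERER']))
    {
        $referer = $_SERVER['HTTP_REFERER'];
        $target = parse_url($referer);
        $self = isset($_SERVER['HTTP_HOST']) ? preg_replace('#:\d+$#', '', $_SERVER['HTTP_HOST']) : '';

        if (
            is_array($target)
            AND isset($target['scheme'], $target['host'])
            AND in_array(strtolower($target['scheme']), array('http', 'https'), true)
            AND $self !== ''
            AND strcasecmp($target['host'], $self) == 0
            AND !preg_match('#[\r\n]#', $referer)
        )
        {
            $url = $referer;
        }
    }

    // NOTE(review): the query is assembled by string concatenation and relies
    // entirely on addslasheslike(), which is defined elsewhere. Confirm that it
    // escapes correctly for the connection's character set, or move to a
    // parameterised query if $DB_sql offers one.
    $userinfo = $DB_sql->query_first("SELECT * FROM user WHERE email = '" . addslasheslike($vars['email']) . "'");

    // When no row matched, both values become empty strings and the check fails.
    $stored = isset($userinfo['password']) ? (string)$userinfo['password'] : '';
    $salt = isset($userinfo['salt']) ? (string)$userinfo['salt'] : '';

    // NOTE(review): salted double-MD5 is fast to brute-force offline. Moving to
    // password_hash()/password_verify() needs a rehash-on-login migration of
    // the stored values, so the scheme is left unchanged here.
    $computed = md5(md5($vars['password']) . md5($salt));

    // Strict comparison: with "==" two different digests that both look like
    // numbers (for example "0e" followed only by digits) compare as equal.
    // Where the runtime provides hash_equals(), prefer it for a constant-time check.
    if ($computed === $stored)
    {
        mysetcookie(COOKIE_PREFIX . 'userid', $userinfo['userid'], $vars['rememberme']);
        mysetcookie(COOKIE_PREFIX . 'authkey', $userinfo['authkey'], $vars['rememberme']);
    }
    else
    {
        // Failed login: drop any existing auth cookies and stop.
        mysetcookie(COOKIE_PREFIX . 'userid');
        mysetcookie(COOKIE_PREFIX . 'authkey');
        echo 'Invalid email or password.';
        exit;
    }

    if ($_POST['do'] == 'cplogin')
    {
        // NOTE(review): this token is a fixed function of authkey, email and
        // userid, so it only changes when one of those values does.
        mysetcookie(COOKIE_PREFIX . 'adminsession', md5(md5($userinfo['authkey']) . md5($userinfo['email']) . md5($userinfo['userid'])));
    }

    // The redirect header has to be sent before any body output; echoing first
    // makes header() fail with "headers already sent" unless output buffering
    // happens to be enabled.
    header("Location: $url");
    echo 'You are now logged in :-)';
}

// ###################################################################
// Logout handler.
// NOTE(review): 'do' is read from $_REQUEST, so a plain GET link can trigger
// a logout; consider requiring POST plus a per-user token.

if ($_REQUEST['do'] == 'logout')
{
    if ($bugsys->userinfo['userid'])
    {
        mysetcookie(COOKIE_PREFIX . 'userid');
        mysetcookie(COOKIE_PREFIX . 'authkey');
        // Also clear the control-panel cookie set by the cplogin branch above,
        // so it does not stay in the browser after logout.
        mysetcookie(COOKIE_PREFIX . 'adminsession');
    }
    else
    {
        echo 'You need to be logged in!';
    }
}

/*=====================================================================*\
|| ###################################################################
|| # $HeadURL$
|| # $Id$
|| ###################################################################
\*=====================================================================*/
?>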