2015-09-19 09:19:56 +00:00
< ? php
register_module ([
" name " => " Login " ,
2015-10-10 12:00:46 +00:00
" version " => " 0.7 " ,
2015-09-19 09:19:56 +00:00
" author " => " Starbeamrainbowlabs " ,
" description " => " Adds a pair of actions (login and checklogin) that allow users to login. You need this one if you want your users to be able to login. " ,
" id " => " page-login " ,
" code " => function () {
/*
* _ _
* | | ___ __ _ ( _ ) _ __
* | |/ _ \ / _ ` | | ' _ \
* | | ( _ ) | ( _ | | | | | |
* | _ | \___ / \__ , | _ | _ | | _ |
* | ___ / % login %
*/
add_action ( " login " , function () {
global $settings ;
$title = " Login to $settings->sitename " ;
$content = " <h1>Login to $settings->sitename </h1> \n " ;
if ( isset ( $_GET [ " failed " ]))
$content .= " \t \t <p><em>Login failed.</em></p> \n " ;
$content .= " \t \t <form method='post' action='index.php?action=checklogin&returnto= " . rawurlencode ( $_SERVER [ 'REQUEST_URI' ]) . " '>
< label for = 'user' > Username :</ label >
< input type = 'text' name = 'user' id = 'user' />
< br />
< label for = 'pass' > Password :</ label >
< input type = 'password' name = 'pass' id = 'pass' />
< br />
< input type = 'submit' value = 'Login' />
</ form > " ;
exit ( page_renderer :: render_main ( $title , $content ));
});
/*
* _ _ _ _
* ___ | | __ ___ ___ | | _ | | ___ __ _ ( _ ) _ __
* / __ | '_ \ / _ \/ __| |/ / |/ _ \ / _` | | ' _ \
* | ( __ | | | | __ / ( __ | <| | ( _ ) | ( _ | | | | | |
* \___ | _ | | _ | \___ | \___ | _ | \_\_ | \___ / \__ , | _ | _ | | _ |
* % checklogin % | ___ /
*/
add_action ( " checklogin " , function () {
2015-09-22 13:34:18 +00:00
global $settings , $env ;
2015-09-19 09:19:56 +00:00
//actually do the login
if ( isset ( $_POST [ " user " ]) and isset ( $_POST [ " pass " ]))
{
//the user wants to log in
$user = $_POST [ " user " ];
$pass = $_POST [ " pass " ];
2015-10-10 12:00:46 +00:00
if ( $settings -> users [ $user ] == hash_password ( $pass ))
2015-09-19 09:19:56 +00:00
{
2015-09-22 13:34:18 +00:00
$env -> is_logged_in = true ;
2015-09-19 09:19:56 +00:00
$expiretime = time () + 60 * 60 * 24 * 30 ; //30 days from now
$_SESSION [ " $settings->sessionprefix -user " ] = $user ;
2015-10-10 12:00:46 +00:00
$_SESSION [ " $settings->sessionprefix -pass " ] = hash_password ( $pass );
2015-09-19 09:19:56 +00:00
$_SESSION [ " $settings->sessionprefix -expiretime " ] = $expiretime ;
//redirect to wherever the user was going
http_response_code ( 302 );
if ( isset ( $_POST [ " goto " ]))
header ( " location: " . $_POST [ " returnto " ]);
else
header ( " location: index.php " );
exit ();
}
else
{
http_response_code ( 302 );
header ( " location: index.php?action=login&failed=yes " );
exit ();
}
}
else
{
http_response_code ( 302 );
header ( " location: index.php?action=login&failed=yes&badrequest=yes " );
exit ();
}
});
}
]);
2015-10-10 12:00:46 +00:00
/*
* @ summary Hashes the given password according to the current settings defined
* in $settings .
*
* @ param $pass { string } The password to hash .
*
* @ returns { string } The hashed password . Uses sha3 if $settings -> use_sha3 is
* enabled , or sha256 otherwise .
*/
function hash_password ( $pass )
{
global $settings ;
if ( $settings -> use_sha3 )
{
return sha3 ( $pass , 256 );
}
else
{
return hash ( " sha256 " , $pass );
}
}
2015-09-19 09:19:56 +00:00
?>