Refactor login code a bit to reduce nesting

2024-11-22 04:23:01 +00:00 · 2019-10-07 18:19:48 +01:00 · 2019-10-07 18:19:48 +01:00 · 6213a6e715
commit 6213a6e715
parent 5239fff462
2 changed files with 62 additions and 68 deletions
--- a/core/10-login.php
+++ b/core/10-login.php
@ -27,12 +27,9 @@ if(isset($_SESSION[$settings->sessionprefix . "-user"]) and

 // Check to see if the currently logged in user is an admin
 $env->is_admin = false;
-if($env->is_logged_in)
-{
-	foreach($settings->admins as $admin_username)
-	{
-		if($admin_username == $env->user)
-		{
+if($env->is_logged_in) {
+	foreach($settings->admins as $admin_username){
+		if($admin_username == $env->user) {
 			$env->is_admin = true;
 			break;
 		}
--- a/modules/page-login.php
+++ b/modules/page-login.php
@ -86,14 +86,33 @@ register_module([
 		add_action("checklogin", function() {
 			global $settings, $env;
 			
+			if(!isset($_POST["user"]) or !isset($_POST["pass"])) {
+				http_response_code(302);
+				$nextUrl = "index.php?action=login&failed=yes&badrequest=yes";
+				if(!empty($_GET["returnto"]))
+				$nextUrl .= "&returnto=" . rawurlencode($_GET["returnto"]);
+				header("location: $nextUrl");
+				exit();
+			}
+			
 			// Actually do the login
-			if(isset($_POST["user"]) and isset($_POST["pass"]))
-			{
+			
 			// The user wants to log in
 			$user = $_POST["user"];
 			$pass = $_POST["pass"];
-				if(!empty($settings->users->$user) && verify_password($pass, $settings->users->$user->password))
-				{
+			
+			// Verify their password
+			if(empty($settings->users->$user) || !verify_password($pass, $settings->users->$user->password)) {
+				// Login failed :-(
+				http_response_code(302);
+				header("x-login-success: no");
+				$nextUrl = "index.php?action=login&failed=yes";
+				if(!empty($_GET["returnto"]))
+					$nextUrl .= "&returnto=" . rawurlencode($_GET["returnto"]);
+				header("location: $nextUrl");
+				exit();
+			}
+			
 			// Success! :D
 			
 			// Update the environment
@ -133,28 +152,6 @@ register_module([
 			else
 				header("location: index.php");
 			exit();
-				}
-				else
-				{
-					// Login failed :-(
-					http_response_code(302);
-					header("x-login-success: no");
-					$nextUrl = "index.php?action=login&failed=yes";
-					if(!empty($_GET["returnto"]))
-						$nextUrl .= "&returnto=" . rawurlencode($_GET["returnto"]);
-					header("location: $nextUrl");
-					exit();
-				}
-			}
-			else
-			{
-				http_response_code(302);
-				$nextUrl = "index.php?action=login&failed=yes&badrequest=yes";
-				if(!empty($_GET["returnto"]))
-					$nextUrl .= "&returnto=" . rawurlencode($_GET["returnto"]);
-				header("location: $nextUrl");
-				exit();
-			}
 		});
 		
 		add_action("hash-cost-test", function() {