<?php
register_module([
"name" => "Login",
"version" => "0.8",
"author" => "Starbeamrainbowlabs",
"description" => "Adds a pair of actions (login and checklogin) that allow users to login. You need this one if you want your users to be able to login.",
"id" => "page-login",
"code" => function() {
/*
* _ _
* | | ___ __ _(_)_ __
* | |/ _ \ / _` | | '_ \
* | | (_) | (_| | | | | |
* |_|\___/ \__, |_|_| |_|
* |___/ %login%
*/
add_action("login", function() {
global $settings;
// Build the action url that will actually perform the login
$login_form_action_url = "index.php?action=checklogin";
if(isset($_GET["returnto"]))
$login_form_action_url .= "&returnto=" . rawurlencode($_GET["returnto"]);
$title = "Login to $settings->sitename";
$content = "<h1>Login to $settings->sitename</h1>\n";
if(isset($_GET["failed"]))
$content .= "\t\t<p><em>Login failed.</em></p>\n";
if(isset($_GET["required"]))
$content .= "\t\t<p><em>$settings->sitename requires that you login before continuing.</em></p>\n";
$content .= "\t\t<form method='post' action='$login_form_action_url'>
<label for='user'>Username:</label>
<input type='text' name='user' id='user' />
<br />
<label for='pass'>Password:</label>
<input type='password' name='pass' id='pass' />
<br />
<input type='submit' value='Login' />
</form>\n";
exit(page_renderer::render_main($title, $content));
});
/*
* _ _ _ _
* ___| |__ ___ ___| | _| | ___ __ _(_)_ __
* / __| '_ \ / _ \/ __| |/ / |/ _ \ / _` | | '_ \
* | (__| | | | __/ (__| <| | (_) | (_| | | | | |
* \___|_| |_|\___|\___|_|\_\_|\___/ \__, |_|_| |_|
* %checklogin% |___/
*/
add_action("checklogin", function() {
global $settings, $env;
//actually do the login
if(isset($_POST["user"]) and isset($_POST["pass"]))
{
//the user wants to log in
$user = $_POST["user"];
$pass = $_POST["pass"];
if($settings->users[$user] == hash_password($pass))
{
$env->is_logged_in = true;
$expiretime = time() + 60*60*24*30; //30 days from now
$_SESSION["$settings->sessionprefix-user"] = $user;
$_SESSION["$settings->sessionprefix-pass"] = hash_password($pass);
$_SESSION["$settings->sessionprefix-expiretime"] = $expiretime;
//redirect to wherever the user was going
http_response_code(302);
if(isset($_GET["returnto"]))
header("location: " . $_GET["returnto"]);
else
header("location: index.php");
exit();
}
else
{
http_response_code(302);
header("location: index.php?action=login&failed=yes");
exit();
}
}
else
{
http_response_code(302);
header("location: index.php?action=login&failed=yes&badrequest=yes");
exit();
}
});
}
]);
/*
* @summary Hashes the given password according to the current settings defined
* in $settings.
*
* @param $pass {string} The password to hash.
*
* @returns {string} The hashed password. Uses sha3 if $settings->use_sha3 is
* enabled, or sha256 otherwise.
*/
function hash_password($pass)
{
global $settings;
if($settings->use_sha3)
{
return sha3($pass, 256);
}
else
{
return hash("sha256", $pass);
}
}
?>