"Login", "version" => "0.8", "author" => "Starbeamrainbowlabs", "description" => "Adds a pair of actions (login and checklogin) that allow users to login. You need this one if you want your users to be able to login.", "id" => "page-login", "code" => function() { /* * _ _ * | | ___ __ _(_)_ __ * | |/ _ \ / _` | | '_ \ * | | (_) | (_| | | | | | * |_|\___/ \__, |_|_| |_| * |___/ %login% */ add_action("login", function() { global $settings; // Build the action url that will actually perform the login $login_form_action_url = "index.php?action=checklogin"; if(isset($_GET["returnto"])) $login_form_action_url .= "&returnto=" . rawurlencode($_GET["returnto"]); $title = "Login to $settings->sitename"; $content = "
Login failed.
\n"; if(isset($_GET["required"])) $content .= "\t\t$settings->sitename requires that you login before continuing.
\n"; $content .= "\t\t\n"; exit(page_renderer::render_main($title, $content)); }); /* * _ _ _ _ * ___| |__ ___ ___| | _| | ___ __ _(_)_ __ * / __| '_ \ / _ \/ __| |/ / |/ _ \ / _` | | '_ \ * | (__| | | | __/ (__| <| | (_) | (_| | | | | | * \___|_| |_|\___|\___|_|\_\_|\___/ \__, |_|_| |_| * %checklogin% |___/ */ add_action("checklogin", function() { global $settings, $env; //actually do the login if(isset($_POST["user"]) and isset($_POST["pass"])) { //the user wants to log in $user = $_POST["user"]; $pass = $_POST["pass"]; if($settings->users[$user] == hash_password($pass)) { $env->is_logged_in = true; $expiretime = time() + 60*60*24*30; //30 days from now $_SESSION["$settings->sessionprefix-user"] = $user; $_SESSION["$settings->sessionprefix-pass"] = hash_password($pass); $_SESSION["$settings->sessionprefix-expiretime"] = $expiretime; //redirect to wherever the user was going http_response_code(302); if(isset($_GET["returnto"])) header("location: " . $_GET["returnto"]); else header("location: index.php"); exit(); } else { http_response_code(302); header("location: index.php?action=login&failed=yes"); exit(); } } else { http_response_code(302); header("location: index.php?action=login&failed=yes&badrequest=yes"); exit(); } }); } ]); /* * @summary Hashes the given password according to the current settings defined * in $settings. * * @param $pass {string} The password to hash. * * @returns {string} The hashed password. Uses sha3 if $settings->use_sha3 is * enabled, or sha256 otherwise. */ function hash_password($pass) { global $settings; if($settings->use_sha3) { return sha3($pass, 256); } else { return hash("sha256", $pass); } } ?>