Diffstat (limited to 'utils/login.php')
-rw-r--r-- | utils/login.php | 67 |
1 files changed, 67 insertions, 0 deletions
diff --git a/utils/login.php b/utils/login.php
new file mode 100644
index 0000000..950476e
--- /dev/null
+++ b/utils/login.php
@@ -0,0 +1,67 @@
+<?php
+
+$loggedin = false;
+
+include_once($UTIL_DIR . "/user.php");
+include_once($UTIL_DIR . "/log.php");
+
+function checklogin()
+{
+ global $HTTP_COOKIE_VARS;
+ global $userid;
+ global $password;
+ global $loggedin;
+ global $action;
+ global $DATA_DIR;
+
+ $users = new Users($DATA_DIR . "/users.xml");
+
+ if($action == "login") {
+ $user = $users->findUser($userid);
+ if($user) {
+ if($user->checkPassword($password)) {
+ $loggedin = true;
+ _log("Logged in", $userid);
+ } else {
+ _log("Wrong password", $userid);
+ }
+ setcookie("UserID", $userid, time()+600); // expire in 10 minutes
+ setcookie("Password", $password, time()+600); // expire in 10 minutes
+ return;
+ } else {
+ _log("Failed", $userid);
+ return;
+ }
+ }
+
+ if($action == "logout") {
+ _log("Logged out", $HTTP_COOKIE_VARS["UserID"]);
+ setcookie("UserID", "", time()-1); // remove cookie
+ setcookie("Password", "", time()-1); // remove cookie
+ $userid = "";
+ $password = "";
+ $loggedin = false;
+ return;
+ }
+
+ if($HTTP_COOKIE_VARS["UserID"] == "") {
+ _log("Failed", $UserID);
+ return;
+ }
+
+ $user = $users->findUser($HTTP_COOKIE_VARS["UserID"]);
+ if($user) {
+ if($user->checkPassword($HTTP_COOKIE_VARS["Password"])) {
+ setcookie("UserID", $HTTP_COOKIE_VARS["UserID"], time()+600); // expire in 10 minutes
+ setcookie("Password", $HTTP_COOKIE_VARS["Password"], time()+600); // expire in 10 minutes
+ $loggedin = true;
+ return;
+ } else {
+ _log("Wrong password", $HTTP_COOKIE_VARS["UserID"]);
+ }
+ } else {
+ _log("Failed", $UserID);
+ }
+}
+
+?>
\ No newline at end of file |
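Review bot: The plaintext password is written to a `Password` cookie in both the login branch and the cookie-revalidation branch of `checklogin()`, so it is stored in the browser and resent on every request for ten minutes; in the login branch the two `setcookie` calls sit after the `checkPassword` if/else, so they also run when the password was wrong. Neither call passes the secure or HTTP-only cookie arguments, so as written the value can travel over plain HTTP and is readable from page script. Keep the credential server-side instead: call `session_start()` before the checks, set `$_SESSION["UserID"] = $userid;` only inside the successful `checkPassword` branch, derive `$loggedin` from the session on later requests, and drop every `setcookie("Password", ...)`. Separately, the two `_log("Failed", $UserID)` calls read a variable that is never assigned in this function (the declared global is `$userid`, and PHP variable names are case-sensitive), so failed cookie checks are presumably logged without a user id; `$HTTP_COOKIE_VARS["UserID"]` looks like the intended argument.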