summaryrefslogtreecommitdiff
path: root/utils/login.php
blob: a4686e3343b7c33a819beb96a3a645f5d7fd000d (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
<?php

$loggedin = false;

include_once($UTIL_DIR . "/user.php");
include_once($UTIL_DIR . "/log.php");

function checklogin()
{
	global $HTTP_COOKIE_VARS;
	global $userid;
	global $password;
	global $loggedin;
	global $action;
	global $DATA_DIR;
	global $ADMIN_TIMEOUT;

	$users = new Users($DATA_DIR . "/users.xml");

	if($action == "login") {
		$user = $users->findUser($userid);
		if($user) {
			if($user->checkPassword($password)) {
				$loggedin = true;
				_log("Logged in", $userid);
			} else {
				_log("Wrong password", $userid);
			}
			setcookie("UserID", $userid, time()+$ADMIN_TIMEOUT);
			setcookie("Password", $password, time()+$ADMIN_TIMEOUT);
			return;
		} else {
			_log("Failed", $userid);
			return;
		}
	}

	if($action == "logout") {
		_log("Logged out", $HTTP_COOKIE_VARS["UserID"]);
		setcookie("UserID", "", time()-1); // remove cookie
		setcookie("Password", "", time()-1); // remove cookie
		$userid = "";
		$password = "";
		$loggedin = false;
		return;
	}

	if($HTTP_COOKIE_VARS["UserID"] == "") {
		_log("Failed", $UserID);
		return;
	}

	$user = $users->findUser($HTTP_COOKIE_VARS["UserID"]);
	if($user) {
		if($user->checkPassword($HTTP_COOKIE_VARS["Password"])) {
			setcookie("UserID", $HTTP_COOKIE_VARS["UserID"], time()+$ADMIN_TIMEOUT); // expire in 10 minutes
			setcookie("Password", $HTTP_COOKIE_VARS["Password"], time()+$ADMIN_TIMEOUT); // expire in 10 minutes
			$loggedin = true;
			return;
		} else {
			_log("Wrong password", $HTTP_COOKIE_VARS["UserID"]);
		}
	} else {
		_log("Failed", $UserID);
	}
}

?>