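<?php
require_once "common.php";

# Logout endpoint: expire the admin cookie, then send the browser back to
# the site index.

# we used to let the path be current directory, but then
# we had cookies getting set that were difficult to unset
# (if you don't know what directory they were set in, even
# unsetting at "/" doesn't work) -- so now we set and
# unset everything at the root
#
# The value is an empty string rather than null: setcookie() takes a string,
# and passing null is deprecated on PHP 8.1+ (a TypeError under strict_types).
# An empty value still makes PHP emit a deletion cookie.
setcookie("rachel-auth", "", -1, "/");

# Redirect with a path-only Location instead of echoing $_SERVER['HTTP_HOST']:
# the Host header is supplied by the client, so building an absolute URL from
# it lets a crafted request steer where the response points. The browser
# resolves a path against the origin it actually contacted.
# ltrim() keeps the result from starting with "//", which a browser would read
# as a protocol-relative URL to another host.
# NOTE(review): assumes getAbsBaseUrl() yields a site-relative path (the
# original appended it after "//host/") -- confirm in common.php.
header("Location: /" . ltrim(getAbsBaseUrl(), "/"));
exit;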
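# Gate for admin pages.
#
# Returns true when the request is already authorized (test flag, auth cookie)
# or when the POSTed user/pass match a row in the users table, in which case
# the auth cookie is issued and a redirect to the current path is sent.
# Otherwise it prints the login page and falls off the end (returns null), so
# callers must treat anything other than true as "not authorized".
function authorized() {

    global $lang;

    # special case for test scripts
    # NOTE(review): $_SERVER also carries process environment variables under
    # CGI/FastCGI, so this bypass is only as safe as the web server's
    # environment. Consider also requiring PHP_SAPI === 'cli' -- confirm how
    # the test scripts are run before tightening.
    if (isset($_SERVER['PHP_CLI_TESTING'])) {
        return true;
    }

    # if we've got a good cookie, return true
    #
    # SECURITY: the cookie carries a fixed value, not a per-login secret, so
    # this check cannot distinguish a browser that logged in from any client
    # that simply presents the same cookie. It should be replaced by a
    # server-side session or a random token stored and verified on the server.
    # Left as-is here because the logout script (and possibly other pages)
    # depend on this cookie name and value.
    # Strict comparison so only the exact string matches.
    if (isset($_COOKIE['rachel-auth']) && $_COOKIE['rachel-auth'] === "admin") {
        return true;
    }

    # if we've got good user/pass, issue cookie
    # is_string() rejects array-valued fields (user[]=...), which would
    # otherwise reach md5() and the database layer as non-strings.
    if (isset($_POST['user'], $_POST['pass'])
        && is_string($_POST['user']) && is_string($_POST['pass'])) {

        # NOTE(review): assumes getdb() returns an SQLite3 handle (the
        # original called escapeString()/querySingle() on it) -- confirm.
        $db = getdb();

        # Bind the submitted credentials as parameters so the database
        # compares them as data; nothing from the request is spliced into
        # the SQL text.
        #
        # SECURITY: passwords are stored as unsalted MD5. Migrating to
        # password_hash()/password_verify() (re-hashing on next successful
        # login) is the fix; it is not done here because the existing rows
        # hold MD5 digests.
        $validuser = false;
        $stmt = $db->prepare(
            "SELECT * FROM users WHERE username = :user AND password = :pass"
        );
        if ($stmt) {
            $stmt->bindValue(":user", $_POST['user'], SQLITE3_TEXT);
            $stmt->bindValue(":pass", md5($_POST['pass']), SQLITE3_TEXT);
            $result = $stmt->execute();
            if ($result) {
                # fetchArray() yields the row, or false when nothing matched
                $validuser = $result->fetchArray(SQLITE3_ASSOC);
            }
        }

        if ($validuser) {
            # we used to let the path be current directory, but then
            # we had cookies getting set that were difficult to unset
            # (if you don't know what directory they were set in, even
            # unsetting at "/" doesn't work) -- so now we set and
            # unset everything at the root
            #
            # HttpOnly (last argument) keeps page scripts from reading the
            # cookie. The Secure flag is left off because nothing here shows
            # the site being served over HTTPS.
            setcookie("rachel-auth", "admin", 0, "/", "", false, true);

            # Redirect to the same path without its query string. The
            # Location is path-only rather than built from HTTP_HOST, which
            # is client-supplied; ltrim() prevents a leading "//" from being
            # read as a protocol-relative URL to another host.
            $path = (string) strtok($_SERVER["REQUEST_URI"], '?');
            header("Location: /" . ltrim($path, "/"));
            return true;
        }
    }

    # if we made it here it means they're not authorized
    # -- so give them a chance to log in
    # Escaped because the value lands inside an HTML attribute below.
    $indexurl = htmlspecialchars(getAbsBaseUrl(), ENT_QUOTES, 'UTF-8');
    print <<<EOT
<!DOCTYPE html>
<html lang="en">
  <head>
    <meta charset="utf-8">
    <title>Login</title>
    <style>
      body { background: #ccc; font-family: sans-serif; }
    </style>
  </head>
  <body onload="document.getElementById('user').focus()">
    <center>
    <h1>{$lang['admin']} {$lang['login']}</h1>
    <p><a href="{$indexurl}">← {$lang['back']}</a></p>
    <form method="POST">
    <table cellpadding="10">
    <tr><td>{$lang['user']}</td><td><input name="user" id="user"></td></tr>
    <tr><td>{$lang['pass']}</td><td><input name="pass" type="password"></td></tr>
    <tr><td colspan="2" align="right"><input type="submit" value="{$lang['login']}"></td></tr>
    </table>
    </center>
    </form>
  </body>
</html>
EOT;

}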