Example #1
        // Default action that guest is authorized to use.
    }
}
// Authorization gate followed by the action dispatcher. Every action other than
// the two login actions must pass userIsAuthorized($action) before the switch
// below is reached.
// NOTE(review): where $action comes from is not visible in this excerpt. The
// comparisons use loose `!=`; if $action is taken straight from the request,
// confirm it is a string before relying on this check.
if ($action != 'SecurityLogin' && $action != 'SecurityProcessLogin' && !userIsAuthorized($action)) {
    if (!loggedIn()) {
        // Not logged in: redirect to the login form and carry the originally
        // requested URI in RequestedPage (urlencode() keeps it from breaking
        // out of the query string).
        // NOTE(review): the code that later consumes RequestedPage is not shown;
        // it should accept only same-site relative paths before redirecting.
        // NOTE(review): there is no exit after header(). The else branch below is
        // skipped on this path, but anything after this if/else (not visible
        // here) would still execute for an unauthenticated request.
        header("Location:../security/index.php?action=SecurityLogin&RequestedPage=" . urlencode($_SERVER['REQUEST_URI']));
    } else {
        // Logged in but lacking permission for this action: show a static page.
        include '../security/not_authorized.html';
    }
} else {
    // Reached for the two login actions (always) and for any action that
    // userIsAuthorized() accepted.
    switch ($action) {
        case 'SecurityLogin':
            include '../security/login_form.php';
            break;
        case 'SecurityProcessLogin':
            ProcessLogin();
            break;
        case 'SecurityLogOut':
            ProcessLogOut();
            break;
        // User-management actions. They are dispatched by action name alone.
        // NOTE(review): whether these state-changing handlers require POST and
        // an anti-CSRF token cannot be seen from here - confirm in each handler.
        case 'SecurityManageUsers':
            ManageUsers();
            break;
        case 'SecurityUserAdd':
            UserAdd();
            break;
        case 'SecurityUserEdit':
            UserEdit();
            break;
        case 'SecurityUserDelete':
            // The listing is cut off here, inside the switch.
            UserDelete();
Example #2
<?php

// Direct-access guard: execution continues only when IN_RULE has already been
// defined (presumably by the script that includes this file - not visible here).
defined("IN_RULE") || die("Oops");

// A request carrying an 'email' field is treated as a login attempt. The raw
// value and the database handle are passed to ProcessLogin(), and its return
// value is kept in $message.
// NOTE(review): only 'email' is checked here. ProcessLogin() reads
// $_POST['password'] on its own, so a request without that field still reaches
// password_verify(). $pdo is not defined in the lines shown.
if (isset($_POST['email'])) {
    $message = ProcessLogin($_POST['email'], $pdo);
}

// A session that already carries 'email' (including one set by the call just
// above) is sent to index.php. exit stops the script so nothing after the
// redirect header is processed or rendered.
// NOTE(review): no session_regenerate_id() call is visible where ProcessLogin()
// sets $_SESSION['email'] - confirm the session id is rotated on login.
if (isset($_SESSION['email'])) {
    header("location: index.php");
    exit;
}
function ProcessLogin($user, $dblink)
{
    $login = filter::filter_email($user);
    if ($login != FALSE) {
        if ($stm = $dblink->prepare("SELECT email, pass FROM users WHERE email=?")) {
            $stm->execute(array($login));
            $row = $stm->fetch();
            $stm = NULL;
            $uname = $row['email'];
            $hash = $row['pass'];
        }
        if ($uname == $login) {
            if (password_verify($_POST['password'], $hash)) {
                $_SESSION['email'] = $login;
                //login::log_enter($dblink);
            } else {
                $mesg = "Wrong password";
            }
        } else {