function submitLogin()
{
global $authMechs;
$authtype = getContinuationVar("authtype", processInputVar('authtype', ARG_STRING));
if (!array_key_exists($authtype, $authMechs)) {
// FIXME - hackerish
dbDisconnect();
exit;
}
if (isset($_GET['userid'])) {
unset($_GET['userid']);
}
$userid = processInputVar('userid', ARG_STRING, '');
$passwd = $_POST['password'];
if (empty($userid) || empty($passwd)) {
selectAuth();
return;
}
if (get_magic_quotes_gpc()) {
$userid = stripslashes($userid);
$passwd = stripslashes($passwd);
}
if ($authMechs[$authtype]['type'] == 'ldap') {
ldapLogin($authtype, $userid, $passwd);
} elseif ($authMechs[$authtype]['type'] == 'local') {
localLogin($userid, $passwd, $authtype);
} else {
selectAuth();
}
}
// Seeing if we should try logging the user in with a request
// to a LDAP server, or just against what is stored in the
// staff database table
if ($CFG['LDAP_Enabled'] && $tableRows[0]['StaffPassword'] == "ldap") {
ldapLogin($username, $password, $CFG['LDAP_Server'], $CFG['LDAP_UPN'], $CFG['LDAP_DN'], $CFG['LDAP_StaffGroups'], $databaseConnection, false);
} else {
if (password_verify($password, $tableRows[0]['StaffPassword'])) {
// Updating the sessions table and cookie
setSessionInformation($username, $databaseConnection);
echo 'success';
} else {
echo 'The password is incorrect';
}
}
} else {
// The username doesn't exist, so either attempt to create
// the new user from a successful LDAP bind, or if it's not
// enabled, let the user know that the username is incorrect
if ($CFG['LDAP_Enabled']) {
ldapLogin($username, $password, $CFG['LDAP_Server'], $CFG['LDAP_UPN'], $CFG['LDAP_DN'], $CFG['LDAP_StaffGroups'], $databaseConnection, true);
} else {
echo "The username is incorrect";
}
}
} else {
// There was no username and/or password entered, so let the user know
echo "The username and / or password is empty";
}
}
// Closing the connection to the database
dbClose($databaseConnection);
