/**
* doLogin will try to login the user
***/
function doLogin($username, $password)
{
$LoginManager = new LoginManager();
$loginresult = $LoginManager->login($username, $password);
if (!$loginresult) {
loginFailed();
} else {
loginOk();
}
}
function logIn()
{
global $loginPassword;
global $md5LoginPassword;
global $loginPasswordPOST;
global $md5LoginPasswordSession;
global $phpSessionName;
$md5LoginPasswordPOST = md5($loginPasswordPOST);
if ($md5LoginPasswordPOST === $md5LoginPassword) {
session_start();
$_SESSION[$phpSessionName] = $md5LoginPasswordPOST;
loginSuccess();
}
if ($md5LoginPasswordSession !== $md5LoginPassword) {
loginFailed("invalid");
}
if ($md5LoginPasswordSession === $md5LoginPassword) {
loginSuccess();
}
}
function loginForm()
{
if (isset($_POST['mode'])) {
loginFailed();
}
echo "<form action=\"login.php\" method=\"post\">\n";
echo "<table align=\"center\" style=\"border-width: 0px\" cellpadding=\"3\">\n";
echo "<tr><td><b>MTGO Username</td>\n";
echo "<td><input type=\"text\" name=\"username\" value=\"\"></td></tr>\n";
echo "<tr><td><b>Gatherling Password</td>\n";
echo "<td><input type=\"password\" name=\"password\" value=\"\">\n";
echo "</td></tr>\n";
echo "<tr><td> </td></tr>";
echo "<tr><td colspan=\"2\" align=\"center\">\n";
echo "<input type=\"submit\" name=\"mode\" value=\"Log In\">\n";
echo "<tr><td> </td></tr>";
echo "<tr><td colspan=\"2\" align=\"center\">\n";
echo "Please <a href=\"register.php\">Click Here</a> if you need to ";
echo "register.\n";
echo "</table>\n";
echo "</form>\n";
}
<?php
// Copyright 2014 yAzZiE Labs
//
// This file is part of php-admin-login.
//
// php-admin-login is free software: you can redistribute it and/or modify
// it under the terms of the GNU General Public License as published by
// the Free Software Foundation, either version 3 of the License, or
// any later version.
//
// php-admin-login is distributed in the hope that it will be useful,
// but WITHOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
// GNU General Public License for more details.
//
// You should have received a copy of the GNU General Public License
// along with php-admin-login. If not, see <http://www.gnu.org/licenses/>.
include 'functions.php';
if ($md5LoginPasswordSession !== $md5LoginPassword) {
loginFailed("denied");
}
function signin()
{
// user already logged in
if (isLogged()) {
header('Location: ' . Path::admin());
exit;
}
global $tpl;
global $_CONFIG;
if (!canLogin()) {
global $tpl;
$tpl->assign('page_title', 'Error');
$tpl->assign('menu_links', Path::menu('error'));
$tpl->assign('error_title', 'You’re in jail');
$tpl->assign('error_content', 'You have been banned after too many bad attemps. <div class="espace-top">Please try later.</div>');
$tpl->draw('error');
exit;
}
if (!empty($_POST['login']) && !empty($_POST['password'])) {
if (!empty($_POST['token']) && acceptToken($_POST['token'])) {
if (check_auth(htmlspecialchars($_POST['login']), $_POST['password'])) {
loginSucceeded();
$cookiedir = '';
if (dirname($_SERVER['SCRIPT_NAME']) != '/') {
$cookiedir = dirname($_SERVER["SCRIPT_NAME"]) . '/';
}
session_set_cookie_params(0, $cookiedir, $_SERVER['HTTP_HOST']);
session_regenerate_id(TRUE);
// check if we need to redirect the user
$target = isset($_GET['target']) && targetIsAllowed($_GET['target']) ? Path::$_GET['target']() : './';
header('Location: ' . $target);
exit;
}
loginFailed();
errorPage('The given username or password was wrong. <br />If you do not remberer your login informations, just delete the file <code>' . basename($_CONFIG['settings']) . '</code>.', 'Invalid username or password');
}
loginFailed();
errorPage('The received token was empty or invalid.', 'Invalid security token');
}
$tpl->assign('page_title', 'Sign in');
$tpl->assign('menu_links', Path::menu('signin'));
$tpl->assign('target', isset($_GET['target']) && targetIsAllowed($_GET['target']) ? htmlspecialchars($_GET['target']) : NULL);
$tpl->assign('token', getToken());
$tpl->draw('form.signin');
exit;
}
function loginProcess()
{
$username = $_REQUEST['username'];
$password = $_REQUEST['password'];
$authenticated = checkPassword($username, $password);
if (!$authenticated) {
session_unset();
loginFailed(_kt('Could not authenticate administrative user'));
return;
}
$_SESSION['setup_user'] = $username;
welcome();
}
if (!validate_password($password, $passhash)) {
loginFailed(array('Failed to log you in.'));
}
//CreationDate, Email, Username, Password, Allowed_Characters, Flags, Accountflags, Expansions, GM, FirstName, LastName
$_SESSION['SESS_ID'] = $member['Id'];
$_SESSION['SESS_CREATIONDATE'] = $member['CreationDate'];
$_SESSION['SESS_EMAIL'] = $member['Email'];
$_SESSION['SESS_USER_NAME'] = $member['Username'];
$_SESSION['SESS_ALLOWED_CHARACTERS'] = $member['Allowed_Characters'];
$_SESSION['SESS_FLAGS'] = $member['Flags'];
$_SESSION['SESS_ACCOUNTFLAGS'] = $member['AccountFlags'];
$_SESSION['SESS_EXPANSIONS'] = $member['Expansions'];
$_SESSION['SESS_GM'] = $member['GM'];
$_SESSION['SESS_FIRST_NAME'] = $member['FirstName'];
$_SESSION['SESS_LAST_NAME'] = $member['LastName'];
session_write_close();
header("location: member-index.php");
exit;
} else {
}
} else {
loginFailed(array('Unable to log you in at this time.', 'Please try again later.'));
}
function loginFailed($errorMessages)
{
foreach ($errorMessages as $error) {
$errorText .= $error . "<br />";
}
header("location: register.php?err=" . $errorText);
exit;
}
