$next_url = urldecode($next_url);
$next_url = sanitize_local_url($next_url);
if (strlen($next_url) == 0) {
$next_url = "home.php";
}
$perm = false;
if (isset($_POST['stay_logged_in'])) {
$perm = $_POST['stay_logged_in'];
}
// check for account key case.
// see if key is in URL; if not then check for POST data
//
$authenticator = get_str("key", true);
if (!$authenticator) {
$authenticator = post_str("authenticator", true);
}
if ($authenticator) {
login_with_auth($authenticator, $next_url, $perm);
exit;
}
$email_addr = strtolower(sanitize_tags(post_str("email_addr", true)));
$passwd = post_str("passwd", true);
if ($email_addr && $passwd) {
if (LDAP_HOST && !is_valid_email_addr($email_addr)) {
login_with_ldap($email_addr, $passwd, $next_url, $perm);
} else {
login_with_email($email_addr, $passwd, $next_url, $perm);
}
exit;
}
error_page("You must supply an email address and password");
function login($login, $password)
{
$is_login_email = preg_match("/.+\\@.+/", $login);
if ($is_login_email == false) {
//BAD preg_match failed.
}
$user = (bool) $is_login_email ? login_with_email($login, $password) : login_with_username($login, $password);
if ($user === false) {
return [false, "Invalid login information!"];
}
$successful_login = password_verify($password, $user->password);
if ($successful_login) {
user_logged_in($user->id);
return [true, "Loggin in..."];
} else {
if (!$successful_login) {
return [false, "Invalid login information."];
}
}
}
