// Login form handler: works out where to send the user afterwards, then tries
// account-key login first and e-mail/password (or LDAP) login second.

// Decode the requested redirect target and only then sanitise it, so the
// sanitiser sees the decoded form rather than an encoded one.
// NOTE(review): sanitize_local_url() is defined elsewhere; presumably it is
// what confines the redirect to this site. Confirm it rejects absolute and
// scheme-relative URLs, since $next_url is handed to every login path below.
$next_url = sanitize_local_url(urldecode($next_url));
if (!strlen($next_url)) {
    $next_url = "home.php";
}

// "Stay logged in" flag: the raw POST value when present, otherwise false.
// NOTE(review): the value is forwarded unvalidated, so the login_with_*()
// helpers should treat it strictly as a boolean.
$perm = isset($_POST['stay_logged_in']) ? $_POST['stay_logged_in'] : false;

// check for account key case.
// see if key is in URL; if not then check for POST data
//
// NOTE(review): a key carried in the query string can be recorded in server
// logs, browser history and Referer headers; the POST field avoids that.
$authenticator = get_str("key", true) ?: post_str("authenticator", true);
if ($authenticator) {
    login_with_auth($authenticator, $next_url, $perm);
    exit;
}

// E-mail/password case. The address is tag-stripped and lower-cased before
// use; the password is taken as submitted.
$email_addr = strtolower(sanitize_tags(post_str("email_addr", true)));
$passwd = post_str("passwd", true);
if ($email_addr && $passwd) {
    // With LDAP configured, a login that is not a valid e-mail address is
    // handled by the LDAP path; everything else uses the e-mail path.
    if (LDAP_HOST && !is_valid_email_addr($email_addr)) {
        login_with_ldap($email_addr, $passwd, $next_url, $perm);
    } else {
        login_with_email($email_addr, $passwd, $next_url, $perm);
    }
    exit;
}

// Neither a key nor a complete e-mail/password pair was supplied.
error_page("You must supply an email address and password");
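/**
 * Authenticate a user by e-mail address or username and mark them logged in.
 *
 * The login is treated as an e-mail address when it contains an "@" with at
 * least one character on each side, otherwise as a username. The matching
 * lookup helper (defined elsewhere) supplies the user record, whose stored
 * hash is checked with password_verify().
 *
 * Every failure path returns the same message, so the response text does not
 * reveal whether the account exists.
 *
 * NOTE(review): the unknown-account path returns before password_verify()
 * runs, so response time may still differ between unknown and known accounts;
 * consider verifying against a fixed dummy hash on that path.
 * NOTE(review): confirm that user_logged_in() regenerates the session id, and
 * that failed attempts are rate-limited by the caller. Neither is visible here.
 *
 * @param string $login    E-mail address or username as submitted.
 * @param string $password Plain-text password as submitted.
 * @return array Two elements: bool success flag, string message for the caller.
 */
function login($login, $password) {
    // Single failure result shared by all rejection paths (see docblock).
    $failure = [false, "Invalid login information."];

    $is_login_email = preg_match("/.+\\@.+/", $login);
    if ($is_login_email === false) {
        // preg_match() returns false on a PCRE error, which is distinct from
        // 0 ("no match"). Fail closed instead of silently falling through to
        // the username lookup.
        return $failure;
    }

    $user = $is_login_email === 1
        ? login_with_email($login, $password)
        : login_with_username($login, $password);

    // A false result from the lookup is a failed login. Any other non-object
    // value cannot carry a password hash, so it is rejected the same way
    // rather than dereferenced.
    if (!is_object($user)) {
        return $failure;
    }

    if (!password_verify($password, $user->password)) {
        return $failure;
    }

    user_logged_in($user->id);
    return [true, "Loggin in..."];
}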