Example #1
0
Atomik::needed('logincheck');
allowed();
if ($_POST['add']) {
    $rule = array('adminnick' => array('required' => true), 'adminpassword' => array('required' => true));
    if (($data = Atomik::filter($_POST, $rule)) === false) {
        Atomik::flash('Invalid form', 'error');
        Atomik::redirect('loginmanagement');
    }
    $hashpassword = md5($data['adminpassword']);
    $data['adminpassword'] = $hashpassword;
    $searchresult = A('db: select adminid from admin where adminnick=\'' . $data['adminnick'] . '\'');
    $datarow = $searchresult->fetch();
    if (empty($datarow)) {
        Atomik_DB::insert('admin', $data);
        Atomik::redirect('loginmanagement');
    }
    Atomik::flash('Admin with similar username already exists', 'error');
    Atomik::redirect('loginmanagement');
} elseif ($_POST['delete']) {
    $rule = array('adminid' => array('required' => true));
    if (($data = Atomik::filter($_POST, $rule)) === false) {
        Atomik::flash('Invalid form', 'error');
        Atomik::redirect('loginmanagement');
    }
    if ($data['adminid'] == $_SESSION['adminid']) {
        Atomik::flash("Can't delete a session you are currently logged in as", 'error');
        Atomik::redirect('loginmanagement');
    }
    Atomik_DB::delete('admin', $data);
    Atomik::redirect('loginmanagement');
}
Example #2
0
<?php

/* The basic logic behind logging in. Nothing exceptional, the user's password is hashed using MD5 and then checked against the database.
   If a match is found, session variables are initialized and the user is redirected to the admin homepage. */
$rule = array('loginname' => array('required' => true), 'password' => array('required' => true));
if (Atomik::filter($_POST, $rule) === false) {
    Atomik::flash(A('app/filters/messages'), 'error');
    return;
}
$loginname = $_POST['loginname'];
$password = md5($_POST['password']);
$searchresult = A("db:select * from admin where adminnick='{$loginname}'");
$datarow = $searchresult->fetch();
if (empty($datarow)) {
    Atomik::flash('Invalid login', 'loginfail');
    return;
} elseif ($password != $datarow['adminpassword']) {
    Atomik::flash('Invalid login', 'loginfail');
    return;
} else {
    $_SESSION['adminlogin'] = true;
    $_SESSION['loginname'] = $loginname;
    $_SESSION['password'] = $password;
    $_SESSION['adminid'] = $datarow['adminid'];
    Atomik::redirect('adminhome');
}