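/**
 * Gate for admin pages: returns silently when the current session was
 * established by post() from the same client address, otherwise redirects
 * to /404 and terminates the request.
 *
 * The session token is sha1(AuthConfig::$spice . client IP), so a session
 * cookie replayed from a different address does not pass the check.
 * LIBLIB::client_ip() is presumed to return a string or false — confirm.
 */
public static function authed()
{
    $client_ip = LIBLIB::client_ip();
    // Avoid the "session already started" notice when a caller opened it.
    if (session_status() !== PHP_SESSION_ACTIVE) {
        session_start();
    }
    // ?? keeps a fresh session from raising undefined-index notices.
    $authed = $_SESSION["authed"] ?? false;
    $token = $_SESSION["auth"] ?? null;

    if (is_string($client_ip) && $client_ip !== '' && $authed === true && is_string($token)) {
        $expected = sha1(AuthConfig::$spice . $client_ip);
        // hash_equals: strict, constant-time comparison. The loose `==` used
        // before would treat two "0e<digits>" hex strings as equal.
        if (hash_equals($expected, $token)) {
            return;
        }
    }

    header("Location: /404");
    exit;
}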
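/**
 * Handles the login form: on matching credentials starts an authenticated
 * session bound to the client IP and redirects to /kontroltaarn; on any
 * failure redirects to /404 so a failed login looks like a missing page.
 *
 * Credentials are read from LoginConfig::$username / ::$password and
 * compared as plain strings. Storing a password_hash() value there and
 * checking it with password_verify() would need a config change and is
 * only noted here.
 */
public function post()
{
    $username = $_POST["username"] ?? '';
    $password = $_POST["password"] ?? '';
    $client_ip = LIBLIB::client_ip();

    // Only string inputs are considered: an array or missing field cannot
    // satisfy the comparison, and hash_equals() gives a strict,
    // constant-time check (the loose `==` was subject to type juggling).
    $credentialsOk = is_string($username)
        && is_string($password)
        && hash_equals((string) LoginConfig::$username, $username)
        && hash_equals((string) LoginConfig::$password, $password);

    if ($credentialsOk && is_string($client_ip) && $client_ip !== '') {
        if (session_status() !== PHP_SESSION_ACTIVE) {
            session_start();
        }
        // New session id on privilege change so a pre-login id is not
        // carried into the authenticated session (session fixation).
        session_regenerate_id(true);
        $_SESSION["auth"] = sha1(AuthConfig::$spice . $client_ip);
        $_SESSION["authed"] = true;
        header("Location: /kontroltaarn");
        // Stop here; the original fell through and let the caller keep rendering.
        exit;
    }

    // Security through obscurity :D -- same response as an unknown page.
    header("Location: /404");
    exit;
}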
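/**
 * Admin "new post" endpoint; requires an authenticated session
 * (AuthLib::authed() redirects otherwise).
 *
 * GET  renders the "newform" template.
 * POST inserts a news row (title, slug, content, timestamp) through a
 *      prepared statement and redirects to /kontrol/taarn.
 * Any other method produces no output.
 *
 * NOTE(review): post() redirects to /kontroltaarn while this redirects to
 * /kontrol/taarn — confirm which is the admin index.
 * NOTE(review): the form/handler carry no CSRF token; adding one needs
 * support in the "newform" template, so it is only flagged here.
 */
public function create()
{
    AuthLib::authed();

    $method = $_SERVER["REQUEST_METHOD"] ?? '';
    if ($method === "GET") {
        echo HSHTPL::template("newform");
        return;
    }
    if ($method !== "POST") {
        return;
    }

    $title = $_POST["blogtitle"] ?? '';
    $content = $_POST["blogcontent"] ?? '';
    // htmlentities()/slugify() expect strings; reject anything else instead
    // of letting a TypeError surface as a 500.
    if (!is_string($title) || !is_string($content)) {
        http_response_code(400);
        exit;
    }

    $dbh = new PDO(DatabaseConfig::$connectionstring);
    // Fail loudly instead of silently redirecting after a failed INSERT.
    $dbh->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);

    $sql = "INSERT INTO news (title, slug, content, timestamp)"
        . " VALUES (:title, :slug, :content, :timestamp);";
    $query = $dbh->prepare($sql);
    // Values are HTML-encoded at write time (existing convention), so the
    // templates that render them must not encode a second time.
    $query->execute([
        ":title" => htmlentities($title),
        ":slug" => LIBLIB::slugify($title),
        ":content" => htmlentities($content),
        ":timestamp" => time(),
    ]);

    header("Location: /kontrol/taarn");
    exit;
}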