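/**
 * Authenticates the current request from its "login" and "password"
 * parameters and swaps the global $user accordingly.
 *
 * - Both parameters present and accepted by User::by_name_and_pass():
 *   $user becomes that account.
 * - Both present but rejected (or not plain strings): $user becomes the
 *   anonymous account configured under "anon_id".
 * - Either parameter missing: $user is left untouched.
 *
 * Nothing is persisted here; no cookie is set, so the result only lasts for
 * the current request.
 *
 * Security note: the credentials are read from $_REQUEST, which normally also
 * includes query-string values. A password sent in the URL can end up in
 * access logs, proxies and browser history, so clients should send these
 * parameters in the request body over TLS.
 */
private function authenticate_user()
{
    global $config, $user;

    if (!isset($_REQUEST['login']) || !isset($_REQUEST['password'])) {
        // No credentials supplied: keep whatever identity is already in place.
        return;
    }

    $name = $_REQUEST['login'];
    $pass = $_REQUEST['password'];

    // Request parameters can be arrays (e.g. login[]=x). Only plain strings
    // are valid credentials; anything else is treated as a failed login
    // instead of being handed to the credential lookup.
    $duser = null;
    if (is_string($name) && is_string($pass)) {
        // Code borrowed from /ext/user
        $duser = User::by_name_and_pass($name, $pass);
    }

    if (!is_null($duser)) {
        $user = $duser;
    } else {
        // Failed lookup: fall back to the anonymous account.
        $user = User::by_id($config->get_int("anon_id", 0));
    }
}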
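/**
 * Handles a login form submission read from $_POST['user'] and $_POST['pass'].
 *
 * On success the global $user is replaced, the login cookie is set and the
 * page is switched to a redirect. On failure an error page is shown:
 * 400 when a field is missing or blank, 401 when the credentials are rejected.
 *
 * The redirect goes back to the referring page only when that page is on this
 * host and its URL contains "post/"; otherwise it goes to the user page. The
 * Referer header is client-supplied, so it is never used as a redirect target
 * without that same-host check (prevents an open redirect).
 *
 * @param Page $page
 */
private function login(Page $page)
{
    global $config, $user;

    // Read defensively: a missing field must not raise an undefined-index
    // warning, and array input (user[]=x) is not a credential.
    $name = isset($_POST['user']) ? $_POST['user'] : '';
    $pass = isset($_POST['pass']) ? $_POST['pass'] : '';

    // Compare against '' rather than empty(): empty("0") is true, which would
    // reject a legitimate name or password consisting of the single digit 0.
    if (!is_string($name) || !is_string($pass) || $name === '' || $pass === '') {
        $this->theme->display_error(400, "Error", "Username or password left blank");
        return;
    }

    $duser = User::by_name_and_pass($name, $pass);
    if (is_null($duser)) {
        // The attempted name is escaped before it reaches the log viewer.
        log_warning("user", "Failed to log in as " . html_escape($name));
        $this->theme->display_error(401, "Error", "No user with those details was found");
        return;
    }

    $user = $duser;
    // NOTE(review): the plaintext password is passed to set_login_cookie();
    // confirm that helper stores only a derived session token, never the
    // password itself.
    $this->set_login_cookie($duser->name, $pass);
    log_info("user", "{$user->class->name} logged in");
    $page->set_mode("redirect");

    // Try returning to the previous page, but only if it belongs to this site.
    $return_to = null;
    if ($config->get_int("user_loginshowprofile", 0) == 0 && isset($_SERVER['HTTP_REFERER'])) {
        $referer = $_SERVER['HTTP_REFERER'];
        $parts = is_string($referer) ? parse_url($referer) : false;

        // HTTP_HOST may carry a port; parse it as a scheme-relative URL so
        // only the host name is compared (ports are not compared).
        $own_host = isset($_SERVER['HTTP_HOST'])
            ? parse_url('//' . $_SERVER['HTTP_HOST'], PHP_URL_HOST)
            : null;

        $same_site = is_array($parts)
            && isset($parts['scheme'], $parts['host'])
            && in_array(strtolower($parts['scheme']), array('http', 'https'), true)
            && is_string($own_host)
            && strcasecmp($parts['host'], $own_host) === 0;

        if ($same_site && strpos($referer, "post/") !== false) {
            $return_to = $referer;
        }
    }

    if (is_null($return_to)) {
        $return_to = make_link("user");
    }
    $page->set_redirect($return_to);
}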