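<?php
// Admin bootstrap: verifies the anti-CSRF token on every POST, registers the
// page assets, then gates the admin area behind a cookie derived from the
// configured admin credentials.

// Read the posted token as a string only; PHP turns `authtoken[]=x` into an
// array, which must never reach the comparison below.
$posted_token = (isset($_POST['authtoken']) && is_string($_POST['authtoken'])) ? $_POST['authtoken'] : '';

// hash_equals() replaces the loose `!=`: it compares in constant time and
// cannot be satisfied through numeric-string type juggling.
if ($_POST && ($posted_token === '' || !hash_equals((string) authtoken(), $posted_token))) {
    die_error("Post authentication failed.");
}

$page->add_js('https://ajax.googleapis.com/ajax/libs/jquery/1.12.2/jquery.min.js');
$page->add_js(template_path('admin.js'));
$page->add_css(template_path('cal.css'));
$page->add_breadcrumb("Admin", "admin/");

// NOTE(review): the cookie value is an unsalted SHA-1 of user . pass. It is
// password-equivalent, identical for every login, and stays valid until the
// configured credentials change. A random server-side session identifier would
// allow expiry and revocation; kept here so existing cookies continue to work.
$valid_auth = sha1(config('adminuser') . config('adminpass'));

$cookie_auth = (isset($_COOKIE['admin']) && is_string($_COOKIE['admin'])) ? $_COOKIE['admin'] : '';

// NOTE(review): when config('adminuser') is empty this whole gate is skipped
// and the admin area is served without any authentication.
if (config('adminuser') && !hash_equals($valid_auth, $cookie_auth)) {
    // Both fields must be plain strings before they are concatenated and
    // hashed. The strict, constant-time comparison also closes the "magic
    // hash" hole of `==`, where two digests that both look like `0e<digits>`
    // compare equal as floats.
    $login_ok = isset($_POST['adminuser'], $_POST['adminpass'])
        && is_string($_POST['adminuser'])
        && is_string($_POST['adminpass'])
        && hash_equals($valid_auth, sha1($_POST['adminuser'] . $_POST['adminpass']));

    if ($login_ok) {
        // Same session-lifetime cookie and default path as before, now marked
        // HttpOnly so page scripts cannot read it. The Secure flag is left off
        // to match the previous behaviour; enable it where the site is served
        // over HTTPS only.
        setcookie('admin', $valid_auth, 0, '', '', false, true);
        redirect("admin/", "Welcome");
    } else {
        // NOTE(review): failed logins are neither counted nor delayed here.
        header('HTTP/1.0 401 Unauthorized');
        ?> No access for you.<br><br>
<form method="POST">
<?php echo authtoken_input(); ?>
Username: <input name="adminuser"><br>
Password: <input name="adminpass" type="password"><br>
<input type="submit" value="Login">
</form>
<?php
    }
    exit;
}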
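/**
 * Build the hidden form field that carries the anti-CSRF token.
 *
 * The token is HTML-escaped before it is placed in the attribute, so a token
 * containing quotes or angle brackets cannot break out of the value. Tokens
 * made only of hex or base64 characters are emitted unchanged.
 *
 * @param string $salt Optional salt passed straight through to authtoken().
 * @return string An `<input type="hidden" name="authtoken">` element.
 */
function authtoken_input($salt = '')
{
    $token = htmlspecialchars((string) authtoken($salt), ENT_QUOTES, 'UTF-8');

    return '<input type="hidden" name="authtoken" value="' . $token . '" />';
}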