<?php
if ($_POST && (!isset($_POST['authtoken']) || $_POST['authtoken'] != authtoken())) {
die_error("Post authentication failed.");
}
$page->add_js('https://ajax.googleapis.com/ajax/libs/jquery/1.12.2/jquery.min.js');
$page->add_js(template_path('admin.js'));
$page->add_css(template_path('cal.css'));
$page->add_breadcrumb("Admin", "admin/");
$valid_auth = sha1(config('adminuser') . config('adminpass'));
if (config('adminuser') && (empty($_COOKIE['admin']) || $_COOKIE['admin'] !== $valid_auth)) {
if (isset($_POST['adminuser'], $_POST['adminpass']) && sha1($_POST['adminuser'] . $_POST['adminpass']) == $valid_auth) {
setcookie('admin', $valid_auth);
redirect("admin/", "Welcome");
} else {
header('HTTP/1.0 401 Unauthorized');
?>
No access for you.<br><br>
<form method="POST">
<?php
echo authtoken_input();
?>
Username: <input name="adminuser"><br>
Password: <input name="adminpass" type="password"><br>
<input type="submit" value="Login">
</form>
<?php
}
exit;
}
function authtoken_input($salt = '')
{
$authtoken = authtoken($salt);
return '<input type="hidden" name="authtoken" value="' . $authtoken . '" />';
}
