} } elseif (is_get_var('action') && get_get_var('action') == 'login') { $username = is_post_var('u') ? get_post_var('u') : ''; $password = is_post_var('p') ? get_post_var('p') : ''; $remember = is_post_var('login_remember'); if (gu_session_authenticate($username, $password, $remember)) { // Redirect to page that referred here - or to the home page $redirect = is_get_var('ref') ? urldecode(get_get_var('ref')) : absolute_url('index.php'); header('Location: ' . $redirect); exit; } else { gu_error(t('Incorrect username or password')); } } elseif (is_get_var('action') && get_get_var('action') == 'logout') { // Invalidate session flag gu_session_set_valid(FALSE); } gu_theme_start(); ?> <script type="text/javascript"> /* <![CDATA[ */ function loginSubmit(form) { // MD5 encrypt the password and store in hidden field form.p.value = hex_md5(form.dummy_p.value); // Replace the visible password field with Xs var mask = 'X'; for (i = 1; i < form.dummy_p.value.length; ++i) mask += 'X';
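/**
 * Attempts to authenticate the current user when parameters come from Pluxml.
 *
 * Order of checks: explicit credentials (when supplied), then the session
 * validity flag, then the 'username' / 'password' cookies. This function does
 * not redirect or exit; any redirect to the login page is left to the caller.
 *
 * @param mixed $name First argument handed to plx_gu_session_check_credentials();
 *                    its meaning is defined by that function (not visible here)
 * @param string|null $username Username to check, or NULL to skip the explicit check
 * @param string|null $password Password value to check, or NULL to skip the explicit check
 * @param bool $remember TRUE to store the credentials in cookies for 7 days
 * @param mixed $user Fourth argument handed to plx_gu_session_check_credentials()
 * @return bool TRUE if the session is (now) valid, FALSE otherwise
 */
function plx_gu_session_authenticate($name = FALSE, $username = NULL, $password = NULL, $remember = TRUE, $user = FALSE)
{
	// Check against specified credentials.
	// Note: $name defaults to FALSE, and isset(FALSE) is TRUE, so in practice this
	// branch is entered whenever both $username and $password are non-NULL.
	if (isset($name) && isset($username) && isset($password)) {
		if (plx_gu_session_check_credentials($name, $username, $password, $user)) {
			if ($remember) {
				$expires = time() + 60 * 60 * 24 * 7;

				// Only mark the cookies Secure when the request itself came over HTTPS,
				// otherwise a plain-HTTP install would never get them back.
				$secure = !empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] !== 'off';

				// SECURITY: the value of $password is written to the cookie as-is and is
				// later replayed as the credential, so the cookie is password-equivalent
				// for its whole lifetime. HttpOnly keeps page scripts from reading it;
				// a random, server-side revocable "remember me" token would be the
				// proper replacement for storing the credential itself.
				// Path and domain are left empty so PHP keeps its previous defaults.
				setcookie('username', $username, $expires, '', '', $secure, TRUE);
				setcookie('password', $password, $expires, '', '', $secure, TRUE);
			}
			gu_session_set_valid(TRUE);
			return TRUE;
		}

		gu_session_set_valid(FALSE);
		return FALSE;
	}

	// Check the session variable next
	if (gu_session_is_valid()) {
		return TRUE;
	}

	// Then try authenticating with cookie values
	if (isset($_COOKIE['username']) && isset($_COOKIE['password'])) {
		// NOTE(review): this call passes three arguments (cookie username, cookie
		// password, TRUE) while the call above passes four ($name, $username,
		// $password, $user). If the callee's parameters are positional in that order,
		// the cookie username lands in $name, the cookie password in $username and the
		// literal TRUE in $password, which would weaken or break the check depending
		// on how the callee compares values. Confirm against
		// plx_gu_session_check_credentials() before relying on cookie logins.
		if (plx_gu_session_check_credentials($_COOKIE['username'], $_COOKIE['password'], true)) {
			gu_session_set_valid(TRUE);
			return TRUE;
		}
	}

	gu_session_set_valid(FALSE);
	return FALSE;
}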