Esempio n. 1
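 /**
  * Gate for protected pages: returns normally only for an authenticated session.
  *
  * The session must carry a truthy "authed" flag and an "auth" token equal to
  * sha1(AuthConfig::$spice . client IP). In every other case the request is
  * redirected to /404 and the script terminates.
  *
  * @return void
  */
 public static function authed()
 {
     $client_ip = LIBLIB::client_ip();

     // Calling session_start() on an already active session only raises a notice.
     if (session_status() !== PHP_SESSION_ACTIVE) {
         session_start();
     }

     // isset()/empty() avoid undefined-index notices for visitors with no session data.
     $stored = isset($_SESSION["auth"]) ? $_SESSION["auth"] : null;

     if ($client_ip != false && !empty($_SESSION["authed"]) && is_string($stored)) {
         $expected = sha1(AuthConfig::$spice . $client_ip);

         // hash_equals() compares in constant time and, unlike ==, never treats two
         // different hex digests of the form "0e<digits>" as equal numbers.
         if (hash_equals($expected, $stored)) {
             return;
         }
     }

     // Unauthenticated: answer as if the page did not exist and stop processing.
     header("Location: /404");
     exit;
 }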
Esempio n. 2
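 /**
  * Handles the login form submission.
  *
  * Compares the posted username and password with LoginConfig. On success the
  * session is marked as authenticated, bound to the client IP through
  * sha1(AuthConfig::$spice . client IP), and the browser is sent to
  * /kontroltaarn. On failure the request is redirected to /404 and the script
  * terminates.
  *
  * NOTE(review): the submitted password is compared directly with
  * LoginConfig::$password, so the configured value is the password itself.
  * Storing a password_hash() digest and checking it with password_verify() is
  * the usual hardening, but it needs a config change outside this method.
  *
  * @return void
  */
 public function post()
 {
     // Only accept scalar strings: a missing field or an array (username[]=x) is
     // rejected instead of being fed to a loose comparison.
     $username = (isset($_POST["username"]) && is_string($_POST["username"])) ? $_POST["username"] : null;
     $password = (isset($_POST["password"]) && is_string($_POST["password"])) ? $_POST["password"] : null;
     $client_ip = LIBLIB::client_ip();

     $credentials_ok = false;
     if ($username !== null && $password !== null) {
         // hash_equals() is constant-time and strict; == would juggle types, so
         // numeric-looking strings such as "0e1" and "0e2" would compare equal.
         $user_ok = hash_equals((string) LoginConfig::$username, $username);
         $pass_ok = hash_equals((string) LoginConfig::$password, $password);
         $credentials_ok = $user_ok && $pass_ok;
     }

     if ($credentials_ok && $client_ip != false) {
         if (session_status() !== PHP_SESSION_ACTIVE) {
             session_start();
         }
         // Issue a fresh session id on login so an id that was set before
         // authentication (session fixation) does not become an authenticated one.
         session_regenerate_id(true);
         $_SESSION["auth"] = sha1(AuthConfig::$spice . $client_ip);
         $_SESSION["authed"] = true;
         header("Location: /kontroltaarn");
     } else {
         // Security through obscurity :D
         header("Location: /404");
         exit;
     }
 }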
Esempio n. 3
 /**
  * Shows the "new post" form on GET and stores a news entry on POST.
  *
  * AuthLib::authed() runs first. A GET request echoes the "newform" template.
  * A POST request inserts title, slug, content and the current Unix timestamp
  * into the news table through a prepared statement, then redirects to
  * /kontrol/taarn and terminates. Other request methods do nothing.
  *
  * NOTE(review): no anti-CSRF token is checked in the visible code; confirm
  * whether that is enforced elsewhere.
  * NOTE(review): title and content are HTML-encoded before storage, so a
  * template that escapes again on output would double-encode them (verify).
  *
  * @return void
  */
 public function create()
 {
     AuthLib::authed();

     $verb = $_SERVER["REQUEST_METHOD"];

     if ($verb == "GET") {
         echo HSHTPL::template("newform");
         return;
     }

     if ($verb != "POST") {
         return;
     }

     $pdo = new PDO(DatabaseConfig::$connectionstring);

     // Values travel as bound parameters, never concatenated into the SQL text.
     $statement = $pdo->prepare(
         "INSERT INTO news (  title, slug, content, timestamp) VALUES (  :title, :slug, :content, :timestamp);"
     );

     $rawTitle = $_POST["blogtitle"];
     $slugValue = LIBLIB::slugify($rawTitle);
     $rawContent = $_POST["blogcontent"];

     $statement->execute([
         ":title" => htmlentities($rawTitle),
         ":slug" => $slugValue,
         ":content" => htmlentities($rawContent),
         ":timestamp" => time(),
     ]);

     header("Location: /kontrol/taarn");
     exit;
 }