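/**
 * Prepare/override the password provided from the logon form (if necessary).
 *
 * The source of the password depends on the configured 'login_method':
 *  - BASIC_AUTH: the form value is ignored and $_SERVER['PHP_AUTH_PW'] is used.
 *  - HTTP_AUTH:  $_SERVER['PHP_AUTH_PW'] is used unless a logout is pending, in
 *                which case the pending flag is cleared and the HTTP auth
 *                prompt is issued.
 *  - otherwise:  the form value is returned unchanged.
 *
 * When the expected server variable is absent, an empty string is returned
 * instead of reading an undefined index/variable.
 * NOTE(review): confirm that the login check rejects an empty password for
 * every configured authentication backend.
 *
 * @todo when we rewrite authentication api for plugins, this should be merged with prepare_username and return some object
 * @param string $p_password password submitted through the logon form
 * @return string prepared password
 * @access public
 */
function auth_prepare_password($p_password)
{
    # Defined up front so that no branch can fall through to the final return
    # with $f_password unset.
    $f_password = '';

    switch (config_get('login_method')) {
        case BASIC_AUTH:
            # The Authorization header may be missing; do not index blindly.
            if (isset($_SERVER['PHP_AUTH_PW'])) {
                $f_password = $_SERVER['PHP_AUTH_PW'];
            }
            break;
        case HTTP_AUTH:
            if (!auth_http_is_logout_pending()) {
                /* this will never get hit - see auth_prepare_username */
                if (isset($_SERVER['PHP_AUTH_PW'])) {
                    $f_password = $_SERVER['PHP_AUTH_PW'];
                }
            } else {
                auth_http_set_logout_pending(false);
                auth_http_prompt();
                /* calls exit */
                return;
            }
            break;
        default:
            $f_password = $p_password;
            break;
    }

    return $f_password;
}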
# Login form handler (excerpt): reads the submitted credentials and options,
# attempts the login and redirects according to the outcome.
# NOTE(review): $t_allow_perm_login is not assigned in this excerpt; presumably
# it is set earlier in the script - confirm.
$f_username = gpc_get_string('username', '');
$f_password = gpc_get_string('password', '');
# "Remember me" is honoured only when $t_allow_perm_login is truthy.
$f_perm_login = $t_allow_perm_login && gpc_get_bool('perm_login');
# The redirect target comes from the request ('return'), falling back to the
# configured default_home_page. string_sanitize_url() and string_url() are the
# only filtering of this value visible here.
# NOTE(review): confirm string_sanitize_url() rejects off-site targets, since
# the value ends up in the redirect URL below.
$t_return = string_url(string_sanitize_url(gpc_get_string('return', config_get('default_home_page'))));
# Read from the request but not used anywhere in this excerpt.
$f_from = gpc_get_string('from', '');
$f_secure_session = gpc_get_bool('secure_session', false);
$f_install = gpc_get_bool('install');

# If upgrade required, always redirect to install page.
if ($f_install) {
    $t_return = 'admin/install.php';
}

# Depending on the configured login method, these helpers may replace the
# form-supplied values.
$f_username = auth_prepare_username($f_username);
$f_password = auth_prepare_password($f_password);

# The secure_session preference cookie is written before the login attempt, so
# it is set whether or not authentication succeeds.
gpc_set_cookie(config_get_global('cookie_prefix') . '_secure_session', $f_secure_session ? '1' : '0');

if (auth_attempt_login($f_username, $f_password, $f_perm_login)) {
    session_set('secure_session', $f_secure_session);

    # Literal credential pair compared with loose '=='; on a match, and when the
    # return target is blank or index.php, the user is sent to account_page.php.
    # NOTE(review): presumably this is the installer's default account and the
    # redirect is meant to steer the admin towards changing the password - confirm.
    if ($f_username == 'administrator' && $f_password == 'root' && (is_blank($t_return) || $t_return == 'index.php')) {
        $t_return = 'account_page.php';
    }

    $t_redirect_url = 'login_cookie_test.php?return=' . $t_return;
} else {
    # NOTE(review): the '******' runs on the two lines below are masking in this
    # excerpt; the expressions they replace (including how the username is added
    # to the query string and the condition guarding auth_http_prompt()) are not
    # visible, and the braces do not balance as shown. The lines are kept as
    # found; whether the username is URL-encoded cannot be verified from here.
    $t_redirect_url = 'login_page.php?return=' . $t_return . '&error=1&username='******'&secure_session=' . ($f_secure_session ? 1 : 0);

    if ($t_allow_perm_login) {
        $t_redirect_url .= '&perm_login='******'login_method')) {
            auth_http_prompt();
            exit;
        }
}

# Both outcomes finish with a header redirect to the URL built above.
print_header_redirect($t_redirect_url);