public function process()
{
$username = $_POST['username'];
$password = $_POST['password'];
if (empty($username)) {
lib::seterror('Please enter a username.');
lib::sendto('/login');
}
if (empty($password)) {
lib::setitem('username', $username);
lib::seterror('Please enter a password.');
lib::sendto('/login');
}
$user = new user(array('username' => $username));
if (auth::authenticate($user, $password)) {
lib::setitem('user', $user);
lib::sendto();
} else {
lib::setitem('username', $username);
lib::seterror('Invalid username or password.');
lib::sendto('/login');
}
}
// Use Sessions
// WARNING: Vulnerable to javascript injection.
// NOTE: This will store the username and password entered by the user to the cookie
// variables USERNAME and PASSWORD respectively even if the combination is correct or
// not. Be sure to authenticate every page that you want to be secured and pass as
// parameters the variables USERNAME and PASSWORD.
setcookie("USERNAME", $_POST['username']);
setcookie("PASSWORD", $_POST['password']);
// Change the path to auth.php and authconfig.php if you moved
// vAuthenticate.php from its original directory.
include_once "auth.php";
include_once "authconfig.php";
$username = $_POST['username'];
$password = $_POST['password'];
$Auth = new auth();
$detail = $Auth->authenticate($username, $password);
if ($detail == 0) {
?>
<HEAD>
<SCRIPT language="JavaScript1.1">
<!--
location.replace("<?php
echo $failure;
?>
");
//-->
</SCRIPT>
</HEAD>
<?php
