/**
 * Handle a submitted login form: check the CSRF token, attempt the login and,
 * on success, redirect to the previously visited page.
 *
 * Returns nothing. A successful login ends the request through ForwardTo()
 * followed by exit; a failed attempt falls through to the caller.
 *
 * NOTE(review): the password is reduced to an unsalted MD5 digest before it is
 * passed to doLogin(). MD5 is a fast hash and unsuited to password storage;
 * moving to password_hash()/password_verify() needs a matching change in the
 * user class, which is outside this block.
 * NOTE(review): no session-id regeneration is visible here after a successful
 * login; confirm that doLogin() or session_init() takes care of it.
 */
function doCheckLogin()
{
    global $config;

    // Nothing to do unless both form fields were posted.
    if (!isset($_POST[LOGIN_FORM_USERNAME], $_POST[LOGIN_FORM_PASSWORD])) {
        return;
    }

    // stripslashes() runs unconditionally, so backslashes in the submitted
    // values are altered. Only the username is trimmed here.
    $login  = trim(stripslashes($_POST[LOGIN_FORM_USERNAME]));
    $secret = stripslashes($_POST[LOGIN_FORM_PASSWORD]);

    session_init();

    // With CSRF protection on, a session without the token key is reported as
    // a broken session; token validation is still invoked before the exit.
    $sessionLooksBroken = CSRF::isEnabled() && !isset($_SESSION[CSRF::SESSION_KEY]);
    if ($sessionLooksBroken) {
        echo '<p style="color: red;">PHP Session seems to have failed!</p>';
        CSRF::ValidateToken();
        exit;
    }
    CSRF::ValidateToken();

    // The credential check is delegated to the user object; its outcome is
    // read back through isOk() and the 'error' variable, not a return value.
    $digest = md5($secret);
    $config['user']->doLogin($login, $digest);

    if (!$config['user']->isOk() || getVar('error') != '') {
        // Failed attempt: drop the local copies of the credentials.
        unset($login, $secret, $digest);
        return;
    }

    // Success: return to the last page, but never back to a login page.
    // NOTE(review): getLastPage() is not visible here; confirm it can only
    // yield a same-site path before the value reaches ForwardTo().
    $previous    = getLastPage();
    $destination = (strpos($previous, 'login') === false) ? $previous : './';
    ForwardTo($destination);
    exit;
}
/**
 * Handle a submitted change-password form: check the CSRF token, validate the
 * new password and store it through the user object.
 *
 * Returns null when the form was not submitted and false when validation or
 * the update fails. On success it clears the 'Temp Pass' session flag,
 * redirects via ForwardTo() and ends the request.
 *
 * NOTE(review): the new password is stored as an unsalted MD5 digest. MD5 is a
 * fast hash and unsuited to password storage; moving to password_hash() needs
 * a matching change in the user class, which is outside this block.
 * NOTE(review): the current password is not requested in this function, and
 * the only strength rule is a minimum of six bytes; confirm both are intended.
 */
function doChangePassword()
{
    global $config;

    // Nothing to do unless both form fields were posted.
    if (!isset($_POST[CHANGEPASS_FORM_PASSWORD], $_POST[CHANGEPASS_FORM_CONFIRM])) {
        return null;
    }

    // stripslashes() runs unconditionally, so backslashes in the submitted
    // values are altered before comparison and hashing.
    $newSecret = trim(stripslashes($_POST[CHANGEPASS_FORM_PASSWORD]));
    $repeated  = trim(stripslashes($_POST[CHANGEPASS_FORM_CONFIRM]));

    // Remove the raw values from the request data once copied.
    unset($_POST[CHANGEPASS_FORM_PASSWORD], $_POST[CHANGEPASS_FORM_CONFIRM]);

    session_init();

    // With CSRF protection on, a session without the token key is reported as
    // a broken session; token validation is still invoked before the exit.
    $sessionLooksBroken = CSRF::isEnabled() && !isset($_SESSION[CSRF::SESSION_KEY]);
    if ($sessionLooksBroken) {
        echo '<p style="color: red;">PHP Session seems to have failed!</p>';
        CSRF::ValidateToken();
        exit;
    }
    CSRF::ValidateToken();

    // Both entries must be identical.
    if ($newSecret !== $repeated) {
        $_SESSION['error'][] = 'Passwords don\'t match. Please try again.';
        return false;
    }

    // strlen() counts bytes, so the limit is six bytes rather than six characters.
    if (strlen($newSecret) < 6) {
        $_SESSION['error'][] = 'Password is to short, must be at least 6 characters long.';
        return false;
    }

    // Persist the digest; a strict false from ChangePassword() means failure.
    $stored = $config['user']->ChangePassword(md5($newSecret));
    if ($stored === false) {
        return false;
    }

    // The account no longer runs on a temporary password.
    $_SESSION['Temp Pass'] = false;

    // Return to the last page, but never to the login or change-password page.
    // NOTE(review): getLastPage() is not visible here; confirm it can only
    // yield a same-site path before the value reaches ForwardTo().
    $destination = getLastPage();
    $isAuthPage  = strpos($destination, 'login') !== false
        || strpos($destination, 'changepass') !== false;
    if ($isAuthPage) {
        $destination = './';
    }
    ForwardTo($destination);
    exit;
}
/**
 * Handle a submitted login form: check the CSRF token, try the password as an
 * MD5 digest and then, for inputs shorter than 32 bytes, as a temporary
 * password passed through unhashed.
 *
 * Returns null when the form was not submitted. Returns true whenever the form
 * was processed without a redirect, which includes a failed login. A
 * successful login redirects via ForwardTo() and ends the request.
 *
 * NOTE(review): the regular password is checked as an unsalted MD5 digest. MD5
 * is a fast hash and unsuited to password storage; moving to
 * password_hash()/password_verify() needs a matching change in the user class,
 * which is outside this block.
 * NOTE(review): the fallback passes the raw input where the digest normally
 * goes, which suggests temporary passwords are stored unhashed - confirm in
 * the user class.
 * NOTE(review): no session-id regeneration is visible here after a successful
 * login; confirm that doLogin() or session_init() takes care of it.
 */
function doCheckLogin()
{
    global $config;

    // Nothing to do unless both form fields were posted.
    if (!isset($_POST[LOGIN_FORM_USERNAME], $_POST[LOGIN_FORM_PASSWORD])) {
        return null;
    }

    // stripslashes() runs unconditionally, so backslashes in the submitted
    // values are altered; both values are trimmed as well.
    $login  = trim(stripslashes($_POST[LOGIN_FORM_USERNAME]));
    $secret = trim(stripslashes($_POST[LOGIN_FORM_PASSWORD]));

    // Remove the raw password from the request data once copied.
    unset($_POST[LOGIN_FORM_PASSWORD]);

    session_init();

    // With CSRF protection on, a session without the token key is reported as
    // a broken session; token validation is still invoked before the exit.
    $sessionLooksBroken = CSRF::isEnabled() && !isset($_SESSION[CSRF::SESSION_KEY]);
    if ($sessionLooksBroken) {
        echo '<p style="color: red;">PHP Session seems to have failed!</p>';
        CSRF::ValidateToken();
        exit;
    }
    CSRF::ValidateToken();

    // First attempt: the regular password, compared as an MD5 digest.
    $outcome = $config['user']->doLogin($login, md5($secret));

    // Second attempt: a temporary password, passed through unhashed.
    // NOTE(review): the 32-byte limit looks intended to keep a stored
    // 32-character digest from being accepted on this path - confirm.
    $hashedLoginOk = ($outcome === true);
    if (!$hashedLoginOk && strlen($secret) < 32) {
        $outcome = $config['user']->doLogin($login, $secret);

        $tempLoginOk = $outcome === true
            && $config['user']->isOk()
            && getVar('error') == '';
        if ($tempLoginOk) {
            // Flag the session as running on a temporary password and clear
            // the errors stored in the session.
            $_SESSION['Temp Pass'] = true;
            unset($_SESSION['error']);
        }
    }

    // Anything other than a confirmed login falls back to the caller.
    if ($outcome === false || !$config['user']->isOk() || getVar('error') != '') {
        unset($login, $secret);
        return true;
    }

    // Success: return to the last page, but never back to a login page.
    // NOTE(review): getLastPage() is not visible here; confirm it can only
    // yield a same-site path before the value reaches ForwardTo().
    $previous    = getLastPage();
    $destination = (strpos($previous, 'login') === false) ? $previous : './';
    ForwardTo($destination);
    exit;
}