Пример #1
<?php

require_once 'lib-password.php';
//password hashing lib - crypt forward compat
require_once 'lib-core.php';
require_once 'lib-auth.php';
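// Log-in handler: checks the posted credentials through polrauth and, on success, marks the
// session as logged in and redirects to index.php; on failure it prints an error page and stops.
$polrauth = new polrauth();

// Accept only string fields. A missing field, or one posted as an array (username[]=...),
// is passed on as an empty credential instead of raising a notice or a type error.
$postedUsername = (isset($_POST['username']) && is_string($_POST['username'])) ? $_POST['username'] : '';
$postedPassword = (isset($_POST['password']) && is_string($_POST['password'])) ? $_POST['password'] : '';

$authcreds['username'] = $mysqli->real_escape_string($postedUsername);
// NOTE(review): escaping changes the bytes of a password that contains quotes or backslashes
// before it is verified. It is kept here because the stored hashes may have been produced from
// escaped input as well; confirm against the code that sets passwords before removing it.
$authcreds['password'] = $mysqli->real_escape_string($postedPassword);

// Surrounding whitespace is stripped only when the username contains a space character.
if (strstr($authcreds['username'], ' ')) {
    $authcreds['username'] = trim($authcreds['username']);
}

$authed = $polrauth->processlogin($authcreds['username'], $authcreds['password']);
// NOTE(review): loose comparison, so any truthy return value counts as success. If
// processlogin() returns a strict boolean, `=== true` would be the safer check; confirm.
if ($authed == true) {
    // Issue a fresh session ID at the privilege change, so an ID that was known before the
    // log-in is not carried into the authenticated session (session fixation).
    if (session_id() !== '') {
        session_regenerate_id(true);
    }
    // sha1('li') is the same constant for every user: it acts as a "logged in" flag, not a secret.
    $_SESSION['li'] = sha1('li');
    $_SESSION['username'] = $authcreds['username'];
    $_SESSION['role'] = $polrauth->getrole($authcreds['username']);
    header('Location:index.php');
    // Stop here so nothing after this block runs for a request that has already been redirected.
    exit;
} else {
    require_once 'layout-headerlg.php';
    // One message for every failure case, so the response does not reveal which check failed.
    echo '<h2>Incorrect password or username (or account not activated). Try again</h2><br />';
    // $fpass is set outside this block; the reset link is shown only when it is truthy.
    if ($fpass == true) {
        echo '<a href="forgotpass.php">Forgot Password?</a><br />';
    }
    require_once 'layout-footerlg.php';
    die;
}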
Пример #2
if ($action == 'changepw') {
    $currpw = $mysqli->real_escape_string($_POST['currpw']);
    $newpw = $mysqli->real_escape_string($_POST['newpw']);
    require_once '../lib-password.php';
    /**
     * Build a random alphanumeric string; the code below passes it to password_hash() as the salt.
     *
     * The 62-character alphabet is shuffled and its leading $length characters are returned, so
     * no character repeats and the result is never longer than 62 characters.
     *
     * NOTE(review): str_shuffle() is not a cryptographically secure source of randomness.
     * password_hash() generates a suitable salt itself when no 'salt' option is passed; the
     * option is deprecated as of PHP 7.0 and ignored as of PHP 8.0.
     *
     * @param int $length Number of characters to return (default 23).
     * @return string
     */
    function noMc($length = 23)
    {
        $alphabet = '0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ';
        $shuffled = str_shuffle($alphabet);

        return substr($shuffled, 0, $length);
    }
    $salt = noMc();
    $opts = array('cost' => 10, 'salt' => $salt);
    $hashed = password_hash($newpw, PASSWORD_BCRYPT, $opts);
    $sqr = "SELECT `password` FROM `auth` WHERE `username`='{$username}';";
    $res = $mysqli->query($sqr);
    $fetch = mysqli_fetch_assoc($res);
    $hpw = $fetch['password'];
    $islegit = $polrauth->processlogin($username, $currpw);
    if (!$islegit) {
        require_once 'header.php';
        echo "Invalid current password. <a href=\"index.php\">Back</a>";
        require_once 'layout-footerlg.php';
        die;
    }
    $sqr = "UPDATE auth SET password = '******' WHERE `username`='{$username}';";
    $res = $mysqli->query($sqr);
    if ($res) {
        require_once 'header.php';
        echo "Success! <a href='index.php'>Back</a>";
        require_once 'layout-footerlg.php';
        die;
    } else {
        require_once 'header.php';