forked from peewee2565/php-admin-login
/
functions.php
67 lines (58 loc) · 2.95 KB
/
functions.php
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
<?php
// Copyright 2014 yAzZiE Labs
//
// This file is part of php-admin-login.
//
// php-admin-login is free software: you can redistribute it and/or modify
// it under the terms of the GNU General Public License as published by
// the Free Software Foundation, either version 3 of the License, or
// any later version.
//
// php-admin-login is distributed in the hope that it will be useful,
// but WITHOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
// GNU General Public License for more details.
//
// You should have received a copy of the GNU General Public License
// along with php-admin-login. If not, see <http://www.gnu.org/licenses/>.
$loginPassword = 'Facepunch'; // This is the plain-text password, change this to whatever you want to use as a password.
$md5LoginPassword = md5($loginPassword); // If you want to store your password in MD5 form only, delete the above line and replace "md5($loginPassword)" with your MD5 hash.
$phpSessionName = 'php-admin-login'; // Name of the PHP Session used to store the MD5 hashed password. You can change this to avoid interference with other websites that may use this same login code.
$loginPasswordPOST = $_POST["password"];
session_start(); $md5LoginPasswordSession = $_SESSION[$phpSessionName];
function logIn() {
global $loginPassword;
global $md5LoginPassword;
global $loginPasswordPOST;
global $md5LoginPasswordSession;
global $phpSessionName;
$md5LoginPasswordPOST = md5($loginPasswordPOST);
if ($md5LoginPasswordPOST === $md5LoginPassword) {session_start(); $_SESSION[$phpSessionName]=$md5LoginPasswordPOST; loginSuccess(); };
if ($md5LoginPasswordSession !== $md5LoginPassword) {loginFailed("invalid"); };
if ($md5LoginPasswordSession === $md5LoginPassword) {loginSuccess(); };
};
function loginErrorMessage() {
$loginErrorReason = $_GET['failed'];
if ($loginErrorReason === 'denied') {echo 'Access is denied or your session has expired. Please enter your password.'; }; // Login Error Explanation if a user tries to access a password protected page when they aren't logged in.
if ($loginErrorReason === 'invalid') {echo 'The password you entered is incorrect. Please try again.'; }; // Login Error Explanation if the user didn't enter the correct password.
};
function loginFailed($reason) {
header("HTTP/1.1 301 Moved Permanently");
header("Location: login.php?failed={$reason}"); // User is redirected back to the login page with a corresponding error message (generated by loginErrorMessage() above) as to why their login failed.
exit;
};
function loginSuccess() {
header("HTTP/1.1 301 Moved Permanently");
header("Location: demo.php"); // Where the user is redirected to when they log in.
exit;
};
function logOut() {
global $phpSessionName;
session_start();
unset($_SESSION[$phpSessionName]);
session_destroy();
header("HTTP/1.1 301 Moved Permanently");
header("Location: login.php"); // Where the user is redirected to when they log out.
exit;
};
?>