<?php
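/**
 * Pre-render step for the login page.
 *
 * If $S['user'] is already set, nothing is checked and the string 'welcome'
 * is returned. Otherwise, when the request carries both an email and a
 * password, the users table is searched for a matching row; on a match
 * $S['user'] is populated and $S['login.result'] receives whatever
 * sql_session::create() returns, on a miss $S['login.result'] is set to false.
 *
 * @param array $S Shared state array, modified in place. Reads 'user' and
 *                 'pdo'; may write 'user' and 'login.result'.
 * @return string|array 'welcome' when a user is already present, otherwise
 *                      array('title' => 'Login').
 */
function init_login(&$S) {
    if (isset($S['user'])) {
        // Should we let you continue to $_REQUEST['go'] instead?
        return 'welcome';
    }

    // Treat the request as a login attempt only when both fields are plain
    // strings. A parameter sent as an array (email[]=...) would otherwise
    // reach PDO::quote() / sha1() and raise an error instead of a clean
    // "no attempt" result.
    // NOTE(review): $_REQUEST also carries query-string values, so
    // credentials are accepted from a URL even though the form posts them.
    // Consider reading $_POST once it is confirmed nothing relies on GET.
    $has_credentials = isset($_REQUEST['email'], $_REQUEST['password'])
        && is_string($_REQUEST['email'])
        && is_string($_REQUEST['password']);

    if ($has_credentials) {
        // The email is escaped with PDO::quote(); the second value is the hex
        // output of sha1(), so it cannot break out of its quoted literal.
        // NOTE(review): passhash is an unsalted SHA-1 of the password, which
        // is fast to brute-force if the table leaks. Moving to
        // password_hash()/password_verify() needs a stored-hash migration
        // that is outside this function.
        $r=query('SELECT * FROM `users` WHERE `email`='.$S['pdo']->quote($_REQUEST['email']).' AND `passhash`="'.sha1($_REQUEST['password']).'"');
        if ($r->rowCount()) {
            $S['user']=new sql_user($r->fetch(PDO::FETCH_ASSOC));
            $S['login.result']=sql_session::create();
        } else {
            $S['login.result']=false;
        }
    }

    return array('title' => 'Login');
}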
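/**
 * Render the login page body.
 *
 * When the current request is not the login page itself, the requested path
 * is stored in $_REQUEST['go'] and a sign-in warning is printed. If
 * init_login() recorded a result in $S['login.result'], the matching
 * message is shown; on success a "Continue" link is printed and the script
 * terminates. Otherwise the login form is emitted, carrying 'go' along as a
 * hidden field.
 *
 * @param array $S Shared state array. Reads 'request', 'login.result' and
 *                 'user'.
 * @return void Output is echoed directly.
 */
function body_login(&$S) {
    if (substr($S['request'], 0, 5) != 'login') {
        $_REQUEST['go']=$S['request'];
        echo print_warning('Please sign in to access this page.');
    }

    // 'go' is request-controlled. Accept it only as a string so an
    // array-valued parameter cannot reach url()/htmlentities().
    $go = (isset($_REQUEST['go']) && is_string($_REQUEST['go'])) ? $_REQUEST['go'] : null;

    if (isset($S['login.result'])) {
        if ($S['login.result'] === 'error') {
            echo print_error('An error occurred while signing you in.');
        } elseif ($S['login.result']) {
            // NOTE(review): the user name is concatenated unescaped; confirm
            // print_success() HTML-escapes its argument.
            echo print_success('Welcome, '.$S['user']->name);
            // Escape the link target for the attribute context, as the hidden
            // field below already does, so a crafted 'go' value cannot close
            // the href and inject markup.
            // NOTE(review): confirm url() only yields same-site URLs;
            // otherwise 'go' can point this link at an arbitrary site.
            echo '<a href="'.htmlentities(url($go !== null ? $go : ''), ENT_QUOTES).'">Continue</a>';
            // Stops the script here, so nothing after the link is rendered.
            die;
        } else {
            echo print_error('Your email and password combination was not recognized.');
        }
    }

    echo '<h3>Login</h3><form action="'.url('login').'" method="post">';
    if ($go !== null) {
        echo '<input type="hidden" name="go" value="'.htmlentities($go).'" />';
    }
    echo 'Email: <input name="email" /><br/>Password: <input type="password" name="password" /><br/><input type="submit" value="Submit" /></form>';
}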
?>