admin_login.php
<?php
// INCLUDES
include_once("config.inc.php");
include_once("functions.inc.php");
include_once("admin_functions.inc.php");
include_once("smarty.inc.php");
// LOGIC
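// Admin login controller: sends already-authenticated users to admin.php,
// otherwise checks a posted username/password pair (guarded by a form token)
// and renders the login template.
session_start();
if (HTTPS_REDIRECT) {
    redirectToHTTPS();
}

if (userLoginValid()) {
    header('Location: admin.php');
    exit;
}

$smarty = s_init();

// Treat the request as a login attempt only when both fields are present AND
// plain strings. A request such as password[]=x would otherwise reach the
// string concatenation below as an array.
$hasCredentials = isset($_POST['username'], $_POST['password'])
    && is_string($_POST['username'])
    && is_string($_POST['password']);

// isTokenValid() is evaluated only after the field checks, as in the original.
if ($hasCredentials && isTokenValid()) {
    $smarty->assign('token', createToken());
    $username = sanitize($_POST['username']);
    $password = $_POST['password']; // not sanitized: the password may legitimately contain HTML characters

    // Compare the password digest in constant time so response timing does not
    // leak how many leading characters of the stored hash matched. Both checks
    // are always evaluated, so a wrong username does not skip the hash compare.
    // NOTE(review): a single salted SHA-1 is a fast hash and is cheap to
    // brute-force offline if ADMIN_PASS leaks; moving to password_hash() /
    // password_verify() needs a change to the stored value in the config file,
    // which is outside this script.
    $passwordMatches = is_string(ADMIN_PASS)
        && hash_equals(ADMIN_PASS, sha1(PASSWORD_SALT . $password));
    $usernameMatches = ($username === ADMIN_USER);

    if ($usernameMatches && $passwordMatches) {
        // Issue a fresh session id and delete the old session data so a
        // pre-login (possibly attacker-fixed) id cannot be reused.
        session_regenerate_id(true);
        $_SESSION['login'] = true;

        // The User-Agent header is optional; fall back to an empty string
        // instead of reading an undefined index.
        $userAgent = isset($_SERVER['HTTP_USER_AGENT']) ? $_SERVER['HTTP_USER_AGENT'] : '';
        $_SESSION['HTTP_USER_AGENT'] = sha1(SESSION_SALT . $userAgent);

        header('Location: admin.php');
        exit;
    }

    // Same message for a wrong username and a wrong password, so the response
    // does not reveal which field was incorrect.
    // NOTE(review): no attempt throttling or failure logging is visible in this
    // script; confirm whether the included helpers provide it.
    $smarty->assign('info', 'wrong login data');
    $smarty->display('admin_login.tpl');
} else {
    // First visit, missing/malformed fields, or invalid token: show a fresh form.
    $smarty->assign('token', createToken());
    $smarty->display('admin_login.tpl');
}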
?>