login.php
<?php
/************************************************************************/
/* AContent */
/************************************************************************/
/* Copyright (c) 2010 */
/* Inclusive Design Institute */
/* */
/* This program is free software. You can redistribute it and/or */
/* modify it under the terms of the GNU General Public License */
/* as published by the Free Software Foundation. */
/************************************************************************/
// Bootstrap for the login page: fix the include root, load the shared
// start-up file, then the users data-access class.
// NOTE(review): $msg, $savant, $addslashes and the session used further down
// are not defined in this file; presumably vitals.inc.php provides them - confirm.
define('TR_INCLUDE_PATH', 'include/');

require TR_INCLUDE_PATH . 'vitals.inc.php';
require_once TR_INCLUDE_PATH . 'classes/DAO/UsersDAO.class.php';

// Data-access object used below to validate credentials and read account status.
$usersDAO = new UsersDAO;
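// Login token kept in the session.
// For security reasons the token is meant to be generated anew before each login attempt.
// The entropy of SHA-1 input should be comparable to that of its output; in other words,
// the more randomness you feed it the better.
// NOTE(review): the active block below only creates a token when the session has none,
// so one value is reused for every attempt made within the same session. How the token
// is consumed (Validate(), the login template) is not visible in this file - confirm, and
// rotate the token after each attempt if it is meant to act as a one-time challenge.

/***
 * Remote login form: to enable it, uncomment the block below and comment out the
 * active token block that follows it.
 * Security caveat: this variant copies a client-supplied value ($_POST['token']) into
 * the session, so the server no longer chooses the token. Enable it only for a trusted
 * remote form, and review replay protection before doing so.
 */
//if (isset($_POST['token']))
//{
// $_SESSION['token'] = $_POST['token'];
//}
//else
//{
// if (!isset($_SESSION['token']))
// $_SESSION['token'] = sha1(mt_rand() . microtime(TRUE));
//}

/***
 * Default (local login form). Comment out this block to enable a remote login form.
 */
if (!isset($_SESSION['token'])) {
    if (function_exists('random_bytes')) {
        // Prefer the CSPRNG where the runtime has one: mt_rand() and microtime() are
        // predictable inputs. 20 random bytes hex-encode to 40 characters, the same
        // shape as the SHA-1 digest used by the fallback. random_bytes() throws if no
        // entropy source is available, which fails closed rather than issuing a weak token.
        $_SESSION['token'] = bin2hex(random_bytes(20));
    } else {
        // Legacy runtimes without random_bytes(): keep the original derivation.
        $_SESSION['token'] = sha1(mt_rand() . microtime(TRUE));
    }
}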
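// Handle a submitted login form, then render the login page.
if (isset($_POST['submit'])) {
    // Accept only string fields. A missing field or an array-valued one
    // (e.g. form_login[]=x) is treated as empty instead of being passed on,
    // which would raise notices or type errors in the escaping callable.
    $login_name = (isset($_POST['form_login']) && is_string($_POST['form_login']))
        ? $_POST['form_login']
        : '';
    $login_response = (isset($_POST['form_password_hidden']) && is_string($_POST['form_password_hidden']))
        ? $_POST['form_password_hidden']
        : '';

    // NOTE(review): $addslashes is a callable defined outside this file, and the query
    // built inside UsersDAO::Validate() is not visible here. Escaping at the call site
    // is weaker than bound parameters - confirm how Validate() builds its SQL.
    // NOTE(review): no attempt throttling or lockout is visible in this file; confirm
    // it is enforced in Validate() or elsewhere.
    $user_id = $usersDAO->Validate($addslashes($login_name), $addslashes($login_response));

    if (!$user_id) {
        $msg->addError('INVALID_LOGIN');
    } elseif ($usersDAO->getStatus($user_id) == TR_STATUS_DISABLED) {
        // Loose comparison kept on purpose: the return type of getStatus() and the
        // value of TR_STATUS_DISABLED are defined elsewhere.
        $msg->addError('ACCOUNT_DISABLED');
    } else {
        // Issue a fresh session id at the privilege change so that an id known
        // before authentication (session fixation) does not become a logged-in one.
        // Session data, including the feedback message set below, is carried over.
        if (session_id() !== '') {
            session_regenerate_id(true);
        }

        $usersDAO->setLastLogin($user_id);
        $_SESSION['user_id'] = $user_id;
        $msg->addFeedback('LOGIN_SUCCESS');
        header('Location: index.php');
        exit; // stop here so the login form is not rendered after the redirect
    }
}

// Focus the login field when the page loads; $onload is read outside this file.
global $onload;
$onload = 'document.form.form_login.focus();';
//header('P3P: CP="IDC DSP COR CURa ADMa OUR IND PHY ONL COM STA"');
$savant->display('login.tmpl.php');
?>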