summaryrefslogtreecommitdiffstats
path: root/admin/auth.php
diff options
context:
space:
mode:
authorThomas Lange <code@nerdmind.de>2017-02-24 21:27:59 +0100
committerThomas Lange <code@nerdmind.de>2017-02-24 21:27:59 +0100
commit52b077a48c743ba4d08ac00520a0bf1ef6deef5f (patch)
treeb4205c194167e0e03e273957cdd0aab3be9fdf01 /admin/auth.php
downloadblog-1.0.tar.gz
blog-1.0.tar.xz
blog-1.0.zip
Initial commit.v1.0
Diffstat (limited to 'admin/auth.php')
-rw-r--r--admin/auth.php86
1 files changed, 86 insertions, 0 deletions
diff --git a/admin/auth.php b/admin/auth.php
new file mode 100644
index 0000000..dbdd3ef
--- /dev/null
+++ b/admin/auth.php
@@ -0,0 +1,86 @@
+<?php
+#===============================================================================
+# DEFINE: Administration
+#===============================================================================
+define('ADMINISTRATION', TRUE);
+
+#===============================================================================
+# INCLUDE: Main configuration
+#===============================================================================
+require_once '../core/application.php';
+
+#===============================================================================
+# IF: Already authenticated
+#===============================================================================
+if(Application::isAuthenticated()) {
+ #===============================================================================
+ # IF: Logout action
+ #===============================================================================
+ if(HTTP::issetGET(['token' => Application::getSecurityToken(), ['action' => 'logout']])) {
+ session_destroy();
+ HTTP::redirect(Application::getAdminURL('auth.php'));
+ }
+
+ HTTP::redirect(Application::getAdminURL());
+}
+
+#===============================================================================
+# ELSE: Not authenticated
+#===============================================================================
+else {
+ #===============================================================================
+ # IF: Login action
+ #===============================================================================
+ if(HTTP::issetPOST(['token' => Application::getSecurityToken()], 'username', 'password')) {
+ try {
+ $User = User\Factory::buildByUsername(HTTP::POST('username'));
+
+ if($User->comparePassword(HTTP::POST('password'))) {
+ $_SESSION['auth'] = $User->getID();
+ HTTP::redirect(Application::getAdminURL());
+ }
+
+ else {
+ $messages[] = $Language->text('authentication_failure');
+ }
+ } catch(User\Exception $Exception){
+ $fake_hash = '$2y$10$xpnwDU2HumOgGQhVpMOP9uataEF82YXizniFhSUhYjUiXF8aoDk0C';
+ $fake_pass = HTTP::POST('password');
+
+ password_verify($fake_pass, $fake_hash);
+
+ $messages[] = $Language->text('authentication_failure');
+ }
+ }
+}
+
+#===============================================================================
+# TRY: Template\Exception
+#===============================================================================
+try {
+ $AuthTemplate = Template\Factory::build('auth');
+ $AuthTemplate->set('FORM', [
+ 'INFO' => [
+ 'LIST' => $messages ?? [],
+ ],
+ 'DATA' => [
+ 'USERNAME' => HTTP::POST('username'),
+ 'PASSWORD' => HTTP::POST('password'),
+ ],
+ 'TOKEN' => Application::getSecurityToken()
+ ]);
+
+ $MainTemplate = Template\Factory::build('main');
+ $MainTemplate->set('NAME', 'Authentication');
+ $MainTemplate->set('HTML', $AuthTemplate);
+ echo $MainTemplate;
+}
+
+#===============================================================================
+# CATCH: Template\Exception
+#===============================================================================
+catch(Template\Exception $Exception) {
+ $Exception->defaultHandler();
+}
+?>
+