-rw-r--r-- | admin/auth.php | 37 | ||||
-rw-r--r-- | core/application.php | 2 | ||||
-rw-r--r-- | core/namespace/Application.php | 2 |
3 files changed, 18 insertions, 23 deletions
diff --git a/admin/auth.php b/admin/auth.php
index 160516b..7232940 100644
--- a/admin/auth.php
+++ b/admin/auth.php
@@ -25,32 +25,27 @@ if(Application::isAuthenticated()) {
 }
 #===============================================================================
-# ELSE: Not authenticated
+# IF: Login action
 #===============================================================================
-else {
- #===============================================================================
- # IF: Login action
- #===============================================================================
- if(HTTP::issetPOST(['token' => Application::getSecurityToken()], 'username', 'password')) {
- try {
- $User = User\Factory::buildByUsername(HTTP::POST('username'));
-
- if($User->comparePassword(HTTP::POST('password'))) {
- $_SESSION['auth'] = $User->getID();
- HTTP::redirect(Application::getAdminURL());
- }
-
- else {
- $messages[] = $Language->text('authentication_failure');
- }
- } catch(User\Exception $Exception){
- $fake_hash = '$2y$10$xpnwDU2HumOgGQhVpMOP9uataEF82YXizniFhSUhYjUiXF8aoDk0C';
- $fake_pass = HTTP::POST('password');
+if(HTTP::issetPOST(['token' => Application::getSecurityToken()], 'username', 'password')) {
+ try {
+ $User = User\Factory::buildByUsername(HTTP::POST('username'));
- password_verify($fake_pass, $fake_hash);
+ if($User->comparePassword(HTTP::POST('password'))) {
+ $_SESSION['auth'] = $User->getID();
+ HTTP::redirect(Application::getAdminURL());
+ }
+ else {
 $messages[] = $Language->text('authentication_failure');
 }
+ } catch(User\Exception $Exception){
+ $fake_hash = '$2y$10$xpnwDU2HumOgGQhVpMOP9uataEF82YXizniFhSUhYjUiXF8aoDk0C';
+ $fake_pass = HTTP::POST('password');
+
+ password_verify($fake_pass, $fake_hash);
+
+ $messages[] = $Language->text('authentication_failure');
 }
 }
diff --git a/core/application.php b/core/application.php
index 72f854a..7ba66fe 100644
--- a/core/application.php
+++ b/core/application.php
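Review bot: At `$_SESSION['auth'] = $User->getID();` the session is promoted to authenticated without a new session ID, so an identifier fixed before login would stay valid afterwards; nothing in the hunk shows regeneration happening elsewhere. Calling `session_regenerate_id(TRUE);` immediately before that assignment would close this. Separately, with the `else` wrapper removed, the login block is reachable on an already authenticated request unless every path of the preceding `if(Application::isAuthenticated())` branch terminates; that branch's body lies outside the hunk, so this should be confirmed.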
@@ -86,7 +86,7 @@ catch(PDOException $Exception) {
 }
 #===============================================================================
-# Check if "304 Not Modified" and ETag header should be send
+# Check if "304 Not Modified" and ETag header should be sent
 #===============================================================================
 if(Application::get('CORE.SEND_304') === TRUE AND !defined('ADMINISTRATION')) {
diff --git a/core/namespace/Application.php b/core/namespace/Application.php
index 4a6414a..8c3be12 100644
--- a/core/namespace/Application.php
+++ b/core/namespace/Application.php
@@ -34,7 +34,7 @@ class Application {
 }
 #===============================================================================
- # Return singleton PDO database instance
+ # Return singleton Database instance
 #===============================================================================
 public static function getDatabase($force = FALSE): Database {
 if(!self::$Database instanceof Database OR $force === TRUE) { |