diff options
Diffstat (limited to 'admin/auth.php')
-rw-r--r-- | admin/auth.php | 37 |
1 files changed, 16 insertions, 21 deletions
diff --git a/admin/auth.php b/admin/auth.php index 160516b..7232940 100644 --- a/admin/auth.php +++ b/admin/auth.php @@ -25,32 +25,27 @@ if(Application::isAuthenticated()) { } #=============================================================================== -# ELSE: Not authenticated +# IF: Login action #=============================================================================== -else { - #=============================================================================== - # IF: Login action - #=============================================================================== - if(HTTP::issetPOST(['token' => Application::getSecurityToken()], 'username', 'password')) { - try { - $User = User\Factory::buildByUsername(HTTP::POST('username')); - - if($User->comparePassword(HTTP::POST('password'))) { - $_SESSION['auth'] = $User->getID(); - HTTP::redirect(Application::getAdminURL()); - } - - else { - $messages[] = $Language->text('authentication_failure'); - } - } catch(User\Exception $Exception){ - $fake_hash = '$2y$10$xpnwDU2HumOgGQhVpMOP9uataEF82YXizniFhSUhYjUiXF8aoDk0C'; - $fake_pass = HTTP::POST('password'); +if(HTTP::issetPOST(['token' => Application::getSecurityToken()], 'username', 'password')) { + try { + $User = User\Factory::buildByUsername(HTTP::POST('username')); - password_verify($fake_pass, $fake_hash); + if($User->comparePassword(HTTP::POST('password'))) { + $_SESSION['auth'] = $User->getID(); + HTTP::redirect(Application::getAdminURL()); + } + else { $messages[] = $Language->text('authentication_failure'); } + } catch(User\Exception $Exception){ + $fake_hash = '$2y$10$xpnwDU2HumOgGQhVpMOP9uataEF82YXizniFhSUhYjUiXF8aoDk0C'; + $fake_pass = HTTP::POST('password'); + + password_verify($fake_pass, $fake_hash); + + $messages[] = $Language->text('authentication_failure'); } } |