summaryrefslogtreecommitdiffstats
path: root/admin/auth.php
diff options
context:
space:
mode:
Diffstat (limited to 'admin/auth.php')
-rw-r--r--admin/auth.php37
1 files changed, 16 insertions, 21 deletions
diff --git a/admin/auth.php b/admin/auth.php
index 160516b..7232940 100644
--- a/admin/auth.php
+++ b/admin/auth.php
@@ -25,32 +25,27 @@ if(Application::isAuthenticated()) {
}
#===============================================================================
-# ELSE: Not authenticated
+# IF: Login action
#===============================================================================
-else {
- #===============================================================================
- # IF: Login action
- #===============================================================================
- if(HTTP::issetPOST(['token' => Application::getSecurityToken()], 'username', 'password')) {
- try {
- $User = User\Factory::buildByUsername(HTTP::POST('username'));
-
- if($User->comparePassword(HTTP::POST('password'))) {
- $_SESSION['auth'] = $User->getID();
- HTTP::redirect(Application::getAdminURL());
- }
-
- else {
- $messages[] = $Language->text('authentication_failure');
- }
- } catch(User\Exception $Exception){
- $fake_hash = '$2y$10$xpnwDU2HumOgGQhVpMOP9uataEF82YXizniFhSUhYjUiXF8aoDk0C';
- $fake_pass = HTTP::POST('password');
+if(HTTP::issetPOST(['token' => Application::getSecurityToken()], 'username', 'password')) {
+ try {
+ $User = User\Factory::buildByUsername(HTTP::POST('username'));
- password_verify($fake_pass, $fake_hash);
+ if($User->comparePassword(HTTP::POST('password'))) {
+ $_SESSION['auth'] = $User->getID();
+ HTTP::redirect(Application::getAdminURL());
+ }
+ else {
$messages[] = $Language->text('authentication_failure');
}
+ } catch(User\Exception $Exception){
+ $fake_hash = '$2y$10$xpnwDU2HumOgGQhVpMOP9uataEF82YXizniFhSUhYjUiXF8aoDk0C';
+ $fake_pass = HTTP::POST('password');
+
+ password_verify($fake_pass, $fake_hash);
+
+ $messages[] = $Language->text('authentication_failure');
}
}