diff options
Diffstat (limited to 'admin/auth.php')
| -rw-r--r-- | admin/auth.php | 86 |
1 files changed, 86 insertions, 0 deletions
diff --git a/admin/auth.php b/admin/auth.php new file mode 100644 index 0000000..dbdd3ef --- /dev/null +++ b/admin/auth.php @@ -0,0 +1,86 @@ +<?php +#=============================================================================== +# DEFINE: Administration +#=============================================================================== +define('ADMINISTRATION', TRUE); + +#=============================================================================== +# INCLUDE: Main configuration +#=============================================================================== +require_once '../core/application.php'; + +#=============================================================================== +# IF: Already authenticated +#=============================================================================== +if(Application::isAuthenticated()) { + #=============================================================================== + # IF: Logout action + #=============================================================================== + if(HTTP::issetGET(['token' => Application::getSecurityToken(), ['action' => 'logout']])) { + session_destroy(); + HTTP::redirect(Application::getAdminURL('auth.php')); + } + + HTTP::redirect(Application::getAdminURL()); +} + +#=============================================================================== +# ELSE: Not authenticated +#=============================================================================== +else { + #=============================================================================== + # IF: Login action + #=============================================================================== + if(HTTP::issetPOST(['token' => Application::getSecurityToken()], 'username', 'password')) { + try { + $User = User\Factory::buildByUsername(HTTP::POST('username')); + + if($User->comparePassword(HTTP::POST('password'))) { + $_SESSION['auth'] = $User->getID(); + HTTP::redirect(Application::getAdminURL()); + } + + else { + $messages[] = $Language->text('authentication_failure'); + } + } catch(User\Exception $Exception){ + $fake_hash = '$2y$10$xpnwDU2HumOgGQhVpMOP9uataEF82YXizniFhSUhYjUiXF8aoDk0C'; + $fake_pass = HTTP::POST('password'); + + password_verify($fake_pass, $fake_hash); + + $messages[] = $Language->text('authentication_failure'); + } + } +} + +#=============================================================================== +# TRY: Template\Exception +#=============================================================================== +try { + $AuthTemplate = Template\Factory::build('auth'); + $AuthTemplate->set('FORM', [ + 'INFO' => [ + 'LIST' => $messages ?? [], + ], + 'DATA' => [ + 'USERNAME' => HTTP::POST('username'), + 'PASSWORD' => HTTP::POST('password'), + ], + 'TOKEN' => Application::getSecurityToken() + ]); + + $MainTemplate = Template\Factory::build('main'); + $MainTemplate->set('NAME', 'Authentication'); + $MainTemplate->set('HTML', $AuthTemplate); + echo $MainTemplate; +} + +#=============================================================================== +# CATCH: Template\Exception +#=============================================================================== +catch(Template\Exception $Exception) { + $Exception->defaultHandler(); +} +?> + |