From e12cea77d8dabaf8bcaa30a0efb6ad8be0a15260 Mon Sep 17 00:00:00 2001
From: Thomas Lange
Date: Sat, 2 Sep 2017 15:07:35 +0200
Subject: An unnecessary "else" block in admin/auth.php was removed and spelling mistakes and inconsistencies in some comments were corrected.
---
 admin/auth.php | 37 ++++++++++++++++---------------------
 core/application.php | 2 +-
 core/namespace/Application.php | 2 +-
 3 files changed, 18 insertions(+), 23 deletions(-)
diff --git a/admin/auth.php b/admin/auth.php
index 160516b..7232940 100644
--- a/admin/auth.php
+++ b/admin/auth.php
@@ -25,32 +25,27 @@ if(Application::isAuthenticated()) {
 }
 #===============================================================================
-# ELSE: Not authenticated
+# IF: Login action
 #===============================================================================
-else {
- #===============================================================================
- # IF: Login action
- #===============================================================================
- if(HTTP::issetPOST(['token' => Application::getSecurityToken()], 'username', 'password')) {
- try {
- $User = User\Factory::buildByUsername(HTTP::POST('username'));
-
- if($User->comparePassword(HTTP::POST('password'))) {
- $_SESSION['auth'] = $User->getID();
- HTTP::redirect(Application::getAdminURL());
- }
-
- else {
- $messages[] = $Language->text('authentication_failure');
- }
- } catch(User\Exception $Exception){
- $fake_hash = '$2y$10$xpnwDU2HumOgGQhVpMOP9uataEF82YXizniFhSUhYjUiXF8aoDk0C';
- $fake_pass = HTTP::POST('password');
+if(HTTP::issetPOST(['token' => Application::getSecurityToken()], 'username', 'password')) {
+ try {
+ $User = User\Factory::buildByUsername(HTTP::POST('username'));
- password_verify($fake_pass, $fake_hash);
+ if($User->comparePassword(HTTP::POST('password'))) {
+ $_SESSION['auth'] = $User->getID();
+ HTTP::redirect(Application::getAdminURL());
+ }
+ else {
 $messages[] = $Language->text('authentication_failure');
 }
+ } catch(User\Exception $Exception){
+ $fake_hash = '$2y$10$xpnwDU2HumOgGQhVpMOP9uataEF82YXizniFhSUhYjUiXF8aoDk0C';
+ $fake_pass = HTTP::POST('password');
+
+ password_verify($fake_pass, $fake_hash);
+
+ $messages[] = $Language->text('authentication_failure');
 }
 }
diff --git a/core/application.php b/core/application.php
index 72f854a..7ba66fe 100644
--- a/core/application.php
+++ b/core/application.php
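Review bot: The success branch sets `$_SESSION['auth'] = $User->getID();` without rotating the session identifier, so a session ID fixed before login stays valid after it. Unless rotation already happens in code not shown here, add `session_regenerate_id(TRUE);` immediately before that assignment. With the `else` removed, the login block also runs whenever the `if(Application::isAuthenticated())` branch above falls through. That branch's body lies outside the hunk, so confirm it always ends the request and say so in the header comment, e.g. `# IF: Login action (reached only when not authenticated)`. The dummy `password_verify($fake_pass, $fake_hash);` in the catch branch equalises timing only while `$fake_hash` has the same bcrypt cost (`$2y$10$`) as the stored hashes, which deserves a one-line comment next to it.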
@@ -86,7 +86,7 @@ catch(PDOException $Exception) {
 }
 #===============================================================================
-# Check if "304 Not Modified" and ETag header should be send
+# Check if "304 Not Modified" and ETag header should be sent
 #===============================================================================
 if(Application::get('CORE.SEND_304') === TRUE AND !defined('ADMINISTRATION')) {
diff --git a/core/namespace/Application.php b/core/namespace/Application.php
index 4a6414a..8c3be12 100644
--- a/core/namespace/Application.php
+++ b/core/namespace/Application.php
@@ -34,7 +34,7 @@ class Application {
 }
 #===============================================================================
- # Return singleton PDO database instance
+ # Return singleton Database instance
 #===============================================================================
 public static function getDatabase($force = FALSE): Database {
 if(!self::$Database instanceof Database OR $force === TRUE) {
-- 
cgit v1.2.3