summaryrefslogtreecommitdiffstats
path: root/admin/auth.php
blob: dbdd3ef354b41996dd64afa199c37c8d8a6ad81a (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
<?php
#===============================================================================
# DEFINE: Administration
#===============================================================================
define('ADMINISTRATION', TRUE);

#===============================================================================
# INCLUDE: Main configuration
#===============================================================================
require_once '../core/application.php';

#===============================================================================
# IF: Already authenticated
#===============================================================================
if(Application::isAuthenticated()) {
	#===============================================================================
	# IF: Logout action
	#===============================================================================
	if(HTTP::issetGET(['token' => Application::getSecurityToken(), ['action' => 'logout']])) {
		session_destroy();
		HTTP::redirect(Application::getAdminURL('auth.php'));
	}

	HTTP::redirect(Application::getAdminURL());
}

#===============================================================================
# ELSE: Not authenticated
#===============================================================================
else {
	#===============================================================================
	# IF: Login action
	#===============================================================================
	if(HTTP::issetPOST(['token' => Application::getSecurityToken()], 'username', 'password')) {
		try {
			$User = User\Factory::buildByUsername(HTTP::POST('username'));

			if($User->comparePassword(HTTP::POST('password'))) {
				$_SESSION['auth'] = $User->getID();
				HTTP::redirect(Application::getAdminURL());
			}

			else {
				$messages[] = $Language->text('authentication_failure');
			}
		} catch(User\Exception $Exception){
			$fake_hash = '$2y$10$xpnwDU2HumOgGQhVpMOP9uataEF82YXizniFhSUhYjUiXF8aoDk0C';
			$fake_pass = HTTP::POST('password');

			password_verify($fake_pass, $fake_hash);

			$messages[] = $Language->text('authentication_failure');
		}
	}
}

#===============================================================================
# TRY: Template\Exception
#===============================================================================
try {
	$AuthTemplate = Template\Factory::build('auth');
	$AuthTemplate->set('FORM', [
		'INFO' => [
			'LIST' => $messages ?? [],
		],
		'DATA' => [
			'USERNAME' => HTTP::POST('username'),
			'PASSWORD' => HTTP::POST('password'),
		],
		'TOKEN' => Application::getSecurityToken()
	]);

	$MainTemplate = Template\Factory::build('main');
	$MainTemplate->set('NAME', 'Authentication');
	$MainTemplate->set('HTML', $AuthTemplate);
	echo $MainTemplate;
}

#===============================================================================
# CATCH: Template\Exception
#===============================================================================
catch(Template\Exception $Exception) {
	$Exception->defaultHandler();
}
?>