blob: 3b272f09df68a17620f9dcafb304f92ef1f957d5 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
|
<?php
#===============================================================================
# DEFINE: Administration
#===============================================================================
const ADMINISTRATION = true;
#===============================================================================
# INCLUDE: Initialization
#===============================================================================
require '../core/application.php';
#===============================================================================
# IF: Already authenticated
#===============================================================================
if(Application::isAuthenticated()) {
#===============================================================================
# IF: Logout action
#===============================================================================
if(HTTP::issetGET(['token' => Application::getSecurityToken()], ['action' => 'logout'])) {
session_destroy();
HTTP::redirect(Application::getAdminURL('auth.php'));
}
HTTP::redirect(Application::getAdminURL());
}
#===============================================================================
# IF: Login action
#===============================================================================
if(HTTP::issetPOST('username', 'password')) {
if(HTTP::issetPOST(['token' => Application::getSecurityToken()])) {
$UserRepository = Application::getRepository('User');
if($User = $UserRepository->findBy('username', HTTP::POST('username'))) {
if(password_verify(HTTP::POST('password'), $User->get('password'))) {
$_SESSION['USER_ID'] = $User->getID();
HTTP::redirect(Application::getAdminURL());
} else {
$messages[] = $Language->text('authentication_failure');
}
} else {
$fake_hash = '$2y$10$xpnwDU2HumOgGQhVpMOP9uataEF82YXizniFhSUhYjUiXF8aoDk0C';
$fake_pass = HTTP::POST('password');
password_verify($fake_pass, $fake_hash);
$messages[] = $Language->text('authentication_failure');
}
} else {
$messages[] = $Language->text('error_security_csrf');
}
}
#===============================================================================
# Build document
#===============================================================================
$AuthTemplate = Template\Factory::build('auth');
$AuthTemplate->set('FORM', [
'INFO' => $messages ?? [],
'DATA' => [
'USERNAME' => HTTP::POST('username'),
'PASSWORD' => HTTP::POST('password'),
],
'TOKEN' => Application::getSecurityToken()
]);
$MainTemplate = Template\Factory::build('main');
$MainTemplate->set('NAME', 'Authentication');
$MainTemplate->set('HTML', $AuthTemplate);
echo $MainTemplate;
|