<?php
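/**
 * Prepare the login page: build the form, process a submitted login and
 * record the outcome in $S.
 *
 * Reads $S['request'], $S['pdo'] and $_REQUEST. Writes $S['login']['form'],
 * $S['login']['data'] and $S['title']; after a submission it also writes
 * $S['login.result'] (the value of sql_session::create() on a match, false
 * otherwise) and, on a match, $S['user']. $_REQUEST['go'] may be unset or
 * overwritten here.
 *
 * @param array $S Shared page state, modified in place.
 * @return string|null 'welcome' when a user is already signed in; nothing otherwise.
 */
function init_login(&$S) {
    // 'go' arrives from the client and ends up in a Location header and in a
    // link, so it is checked once, up front. url() is defined elsewhere and
    // it is not visible from here whether it confines targets to this site,
    // so anything that is not a plain site-relative path is dropped: arrays,
    // control characters, a leading scheme ("x:") and a leading "//" or "/\".
    if (isset($_REQUEST['go'])) {
        $go = $_REQUEST['go'];
        $local = is_string($go)
            && !preg_match('#[\x00-\x1f\x7f]#', $go)
            && !preg_match('#^\s*(?:[a-z][a-z0-9+.\-]*:|[/\\\\]{2})#i', $go);
        if (!$local) {
            unset($_REQUEST['go']);
        }
    }

    if (isset($S['user'])) {
        // Already signed in: forward to the requested page if one was given.
        if (isset($_REQUEST['go'])) {
            header('Location: '.url($_REQUEST['go']));
        }
        // Should we let you continue to $_REQUEST['go'] instead?
        return 'welcome';
    }

    // Remember the page that sent the visitor here, unless it is the login
    // page itself, so the form can carry it through the submission.
    if (substr($S['request'], 0, 5) !== 'login') {
        $_REQUEST['go'] = $S['request'];
    }

    $S['login']['form'] = new form(url('login'));
    $form = &$S['login']['form'];
    if (isset($_REQUEST['go'])) {
        $form->hidden('go', 'go', $_REQUEST['go']);
    }
    $form->text_input('email', 'email', 'Email');
    $form->password('password', 'password', 'Password');
    $form->submit();

    // Only run form processing when a submission is present.
    $S['login']['data'] = isset($_REQUEST['email']) ? $form->process() : array();
    $data = &$S['login']['data'];

    if (isset($data['email'], $data['password'])) {
        // The email is quoted by PDO; the password term is a hex SHA-1 digest,
        // so the concatenation itself cannot carry SQL syntax.
        // NOTE(security): the stored credential is an unsalted SHA-1 digest,
        // which is unsuitable for password storage. Moving to password_hash()
        // / password_verify() needs a change to the `users` table and a
        // rehash-on-login migration, which cannot be done inside this function.
        $r = query('SELECT * FROM `users` WHERE `email`='.$S['pdo']->quote($data['email']).' AND `passhash`="'.sha1($data['password']).'"');

        // Decide on the fetched row rather than rowCount(): PDO does not
        // guarantee a row count for SELECT statements on every driver.
        $row = $r->fetch(PDO::FETCH_ASSOC);
        if ($row) {
            $S['user'] = new sql_user($row);
            $S['login.result'] = sql_session::create();
        } else {
            $S['login.result'] = false;
        }
    }

    $S['title'] = 'Login';
}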
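/**
 * Render the body of the login page.
 *
 * Prints a sign-in prompt when the visitor was sent here from another page,
 * then the outcome stored in $S['login.result'] ('error', a truthy value for
 * success, or a falsy value for a rejected login), and finally the login
 * form unless the login succeeded.
 *
 * @param array $S Shared page state; reads 'request', 'login.result', 'user' and 'login'.
 * @return void
 */
function body_login(&$S) {
    // Only a string 'go' is usable; request parameters can also be arrays.
    $go = (isset($_REQUEST['go']) && is_string($_REQUEST['go'])) ? $_REQUEST['go'] : null;

    if ($go !== null && $go === $S['request']) {
        echo print_warning('Please sign in to access this page.');
    }

    if (isset($S['login.result'])) {
        if ($S['login.result'] === 'error') {
            echo print_error('An error occurred while signing you in.');
        } elseif ($S['login.result']) {
            // NOTE(review): the user name comes from the database and is passed
            // on as-is; confirm that print_success() HTML-escapes its argument.
            echo print_success('Welcome, '.$S['user']->name);
            // The target comes from the request, so the URL is escaped for the
            // attribute context. url() output is also used in a Location header
            // elsewhere in this file, so it is taken to be a raw URL, not HTML.
            // Escaping does not restrict where the link points; that depends on
            // url(), which is not visible here.
            $target = url($go !== null ? $go : '');
            echo '<a href="'.htmlspecialchars($target, ENT_QUOTES, 'UTF-8').'">Continue</a>';
            return;
        } else {
            echo print_error('Your email and password combination was not recognized.');
        }
    }

    echo '<h3>Login</h3>';
    echo $S['login']['form']->output($S['login']['data']);
    echo '<a href="'.htmlspecialchars(url('forgot'), ENT_QUOTES, 'UTF-8').'">Forgot password?</a>';
}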
?>