bludit/bl-kernel/admin/controllers/login.php

<?php
// Entry guard: stop immediately unless the BLUDIT constant exists, so that
// requesting this controller file directly runs none of the login logic.
// The constant is presumably defined by the CMS bootstrap (not visible here).
if (!defined('BLUDIT')) {
    die('Bludit CMS.');
}
// ============================================================================
// Check role
// ============================================================================
// ============================================================================
// Functions
// ============================================================================
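/**
 * Handle a login form submission.
 *
 * Reads the submitted credentials from $_POST, checks them through the global
 * $login object and redirects on success. A failed attempt is reported to
 * $security->addToBlacklist() and shown to the user as a generic alert that
 * does not reveal whether the username or the password was wrong.
 *
 * @param array $args Request data passed by the caller. The credentials are
 *                    read from $_POST directly, so this argument is not used.
 * @return bool True when the credentials were accepted, false when the client
 *              is blocked or the login failed.
 */
function checkLogin($args)
{
    global $security;
    global $login;
    global $Language;

    // A blocked client is rejected before its credentials are looked at, so
    // it gets no further password guesses while the block is in place.
    if ($security->isBlocked()) {
        Alert::set($Language->g('IP address has been blocked').'<br>'.$Language->g('Try again in a few minutes'), ALERT_STATUS_FAIL);
        return false;
    }

    // Untrusted input: a field may be missing or submitted as an array
    // (e.g. username[]=x). Only plain strings are handed to verifyUser();
    // anything else falls through and is counted as a failed attempt.
    $username = (isset($_POST['username']) && is_string($_POST['username'])) ? $_POST['username'] : null;
    $password = (isset($_POST['password']) && is_string($_POST['password'])) ? $_POST['password'] : null;

    if ($username !== null && $password !== null && $login->verifyUser($username, $password)) {
        if (isset($_POST['remember'])) {
            $login->setRememberMe($username);
        }

        // Renew the token. This token will be the same inside the session for multiple forms.
        // NOTE(review): whether the session identifier is also renewed on
        // login is not visible here; confirm inside verifyUser().
        $security->generateTokenCSRF();

        // Users with the role reader do not need access to dashboard.
        // Strict comparison so that only the exact string 'reader' matches.
        if ($login->role() === 'reader') {
            Redirect::home();
            // Return explicitly so the dashboard redirect below can never
            // replace this one, should Redirect::home() return to the caller.
            return true;
        }

        // Other user without the role reader redirect to dashboard
        Redirect::page('dashboard');
        return true;
    }

    // Bruteforce protection, add IP to the blacklist.
    // NOTE(review): the client address is resolved inside $security; confirm
    // it is not taken from a header the client controls.
    $security->addToBlacklist();

    // Create alert
    Alert::set($Language->g('Username or password incorrect'), ALERT_STATUS_FAIL);
    return false;
}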
/**
 * Try to sign the visitor in through the remember-me check.
 *
 * @return bool True when $login->verifyUserByRemember() accepted the visitor,
 *              false when the client is blocked or the check failed.
 */
function checkRememberMe()
{
    global $security, $login;

    // The || short-circuits: verifyUserByRemember() is never called for a
    // blocked client. Unlike checkLogin(), a failure here is not reported to
    // the blacklist and no alert is set.
    if ($security->isBlocked() || !$login->verifyUserByRemember()) {
        return false;
    }

    // Issue a new CSRF token for the signed-in visitor, then go to the dashboard.
    $security->generateTokenCSRF();
    Redirect::page('dashboard');

    return true;
}
// ============================================================================
// Main before POST
// ============================================================================
// Any request that is not a POST carries no submitted form, so only the
// remember-me check runs for it.
if ('POST' !== $_SERVER['REQUEST_METHOD']) {
    checkRememberMe();
}
// ============================================================================
// POST Method
// ============================================================================
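// A POST is treated as a login form submission. The comparison is strict,
// matching the non-POST check earlier in this file.
if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    checkLogin($_POST);
}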
// ============================================================================
// Main after POST
// ============================================================================