<?php defined('BLUDIT') or die('Bludit CMS.');
// Direct-access guard: execution stops with the message 'Bludit CMS.' unless the
// BLUDIT constant is already defined (presumably by the CMS bootstrap; confirm).
// ============================================================================
// Check role
// ============================================================================
// ============================================================================
// Functions
// ============================================================================
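/**
 * Handle a submitted login form.
 *
 * Reads `username`, `password` and the optional `remember` field from $_POST.
 * While $security reports the client as blocked, no credential check is made.
 * A failed attempt is handed to $security->addToBlacklist() and answered with
 * one generic message. A request whose username or password is missing or is
 * not a string is treated as a failed attempt without calling verifyUser().
 *
 * NOTE(review): whether the session identifier is rotated on successful login
 * is not visible here; confirm that $login->verifyUser() takes care of it.
 *
 * @param array $args Accepted for interface compatibility; the body reads
 *                    $_POST directly, as the original implementation did.
 * @return bool true after a successful login, false otherwise.
 */
function checkLogin($args)
{
	global $security;
	global $login;
	global $Language;

	// A blocked client gets no further credential checks.
	if ($security->isBlocked()) {
		Alert::set($Language->g('IP address has been blocked').'<br>'.$Language->g('Try again in a few minutes'), ALERT_STATUS_FAIL);
		return false;
	}

	// Request fields are untrusted: they may be absent, or arrive as arrays
	// (e.g. username[]=x). Only plain strings are passed on to verifyUser().
	$username = isset($_POST['username']) ? $_POST['username'] : null;
	$password = isset($_POST['password']) ? $_POST['password'] : null;
	$wellFormed = is_string($username) && is_string($password);

	if ($wellFormed && $login->verifyUser($username, $password)) {
		if (isset($_POST['remember'])) {
			$login->setRememberMe($username);
		}

		// Renew the token. This token will be the same inside the session for multiple forms.
		$security->generateTokenCSRF();

		// Users with the role reader do not need access to dashboard
		if ($login->role() === 'reader') {
			Redirect::home();
			// Redirect::home() is expected to end the request; this return keeps a
			// reader from reaching the dashboard redirect below if it ever does not.
			return true;
		}

		Redirect::page('dashboard');
		return true;
	}

	// Bruteforce protection, add IP to the blacklist
	$security->addToBlacklist();

	// One message for every failure, so the response does not say which of the
	// two fields was wrong.
	Alert::set($Language->g('Username or password incorrect'), ALERT_STATUS_FAIL);

	return false;
}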
/**
 * Try to authenticate the visitor through the remember-me mechanism.
 *
 * Nothing is attempted while $security reports the client as blocked. When
 * $login->verifyUserByRemember() succeeds, the CSRF token is regenerated and
 * the visitor is redirected to the dashboard.
 *
 * NOTE(review): unlike checkLogin(), this path has no 'reader' role branch, and
 * a failed verification is not passed to addToBlacklist(). Confirm that both
 * are intended, in particular for an invalid (as opposed to absent) token.
 *
 * @return bool true after a successful remember-me login, false otherwise.
 */
function checkRememberMe()
{
	global $security;
	global $login;

	// Short-circuit evaluation keeps the original order: the block check runs
	// first and verifyUserByRemember() is never called for a blocked client.
	if ($security->isBlocked() || !$login->verifyUserByRemember()) {
		return false;
	}

	$security->generateTokenCSRF();
	Redirect::page('dashboard');

	return true;
}
// ============================================================================
// Main before POST
// ============================================================================
// No login form was submitted with this request: try the remember-me path instead.
if ('POST' !== $_SERVER['REQUEST_METHOD']) {
	checkRememberMe();
}
// ============================================================================
// POST Method
// ============================================================================
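// A login form was submitted: validate the posted credentials.
// The comparison is strict, matching the non-POST check earlier in this file.
// NOTE(review): no CSRF token check is visible in this file before checkLogin()
// runs; confirm the admin bootstrap validates the token on POST requests.
if ($_SERVER['REQUEST_METHOD'] === 'POST') {
	checkLogin($_POST);
}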
// ============================================================================
// Main after POST
// ============================================================================