bludit/bl-kernel/admin/controllers/login.php

<?php defined('BLUDIT') or die('Bludit CMS.');

// ============================================================================
// Check role
// ============================================================================

// ============================================================================
// Functions
// ============================================================================

function checkLogin($args)
{
	global $security;
	global $login;
	global $L;

	if ($security->isBlocked()) {
		Alert::set($L->g('IP address has been blocked').'<br>'.$L->g('Try again in a few minutes'), ALERT_STATUS_FAIL);
		return false;
	}

	if ($login->verifyUser($_POST['username'], $_POST['password'])) {
		if (isset($_POST['remember'])) {
			$login->setRememberMe($_POST['username']);
		}
		// Renew the token. This token will be the same inside the session for multiple forms.
		$security->generateTokenCSRF();

		Redirect::page('dashboard');
		return true;
	}

	// Bruteforce protection, add IP to the blacklist
	$security->addToBlacklist();

	// Create alert
	Alert::set($L->g('Username or password incorrect'), ALERT_STATUS_FAIL);
	return false;
}

function checkRememberMe()
{
	global $security;
	global $login;

	if ($security->isBlocked()) {
		return false;
	}

	if ($login->verifyUserByRemember()) {
		$security->generateTokenCSRF();
		Redirect::page('dashboard');
		return true;
	}

	return false;
}

// ============================================================================
// Main before POST
// ============================================================================

if ($_SERVER['REQUEST_METHOD']!=='POST') {
	checkRememberMe();
}

// ============================================================================
// POST Method
// ============================================================================

if ($_SERVER['REQUEST_METHOD']=='POST') {
	checkLogin($_POST);
}

// ============================================================================
// Main after POST
// ============================================================================
New features 2015-03-27 02:00:01 +01:00			`<?php defined('BLUDIT') or die('Bludit CMS.');`

Minor changes 2015-08-03 02:49:12 +02:00			`// ============================================================================`
			`// Check role`
			`// ============================================================================`

			`// ============================================================================`
			`// Functions`
			`// ============================================================================`

Login and Security improves 2017-07-16 00:42:37 +02:00			`function checkLogin($args)`
Bruteforce protection 2015-08-18 04:02:19 +02:00			`{`
Title in database, improves on Page Object, Perfomance improvements, TinyMCE and Bootstrap updated 2018-07-17 19:13:01 +02:00			`global $security;`
Session in admin area and when you create the Login object 2018-07-14 15:17:06 +02:00			`global $login;`
Change on variable name to , include new words to the dictionary 2018-08-05 17:54:20 +02:00			`global $L;`
Bruteforce protection 2015-08-18 04:02:19 +02:00
Title in database, improves on Page Object, Perfomance improvements, TinyMCE and Bootstrap updated 2018-07-17 19:13:01 +02:00			`if ($security->isBlocked()) {`
Change on variable name to , include new words to the dictionary 2018-08-05 17:54:20 +02:00			`Alert::set($L->g('IP address has been blocked').'<br>'.$L->g('Try again in a few minutes'), ALERT_STATUS_FAIL);`
Bruteforce protection 2015-08-18 04:02:19 +02:00			`return false;`
			`}`

Session in admin area and when you create the Login object 2018-07-14 15:17:06 +02:00			`if ($login->verifyUser($_POST['username'], $_POST['password'])) {`
Remember me 2017-11-07 00:18:16 +01:00			`if (isset($_POST['remember'])) {`
Session in admin area and when you create the Login object 2018-07-14 15:17:06 +02:00			`$login->setRememberMe($_POST['username']);`
Remember me 2017-11-07 00:18:16 +01:00			`}`
Updates 2015-09-08 02:51:48 +02:00			`// Renew the token. This token will be the same inside the session for multiple forms.`
Title in database, improves on Page Object, Perfomance improvements, TinyMCE and Bootstrap updated 2018-07-17 19:13:01 +02:00			`$security->generateTokenCSRF();`
User object, new reader role for users 2018-07-25 23:42:00 +02:00
Bug fixes, developer area, google plugin updated, rss and sitemap updated 2017-06-05 22:36:09 +02:00			`Redirect::page('dashboard');`
Bruteforce protection 2015-08-18 04:02:19 +02:00			`return true;`
			`}`

Login and Security improves 2017-07-16 00:42:37 +02:00			`// Bruteforce protection, add IP to the blacklist`
Title in database, improves on Page Object, Perfomance improvements, TinyMCE and Bootstrap updated 2018-07-17 19:13:01 +02:00			`$security->addToBlacklist();`
Bug fixes, developer area, google plugin updated, rss and sitemap updated 2017-06-05 22:36:09 +02:00
			`// Create alert`
Change on variable name to , include new words to the dictionary 2018-08-05 17:54:20 +02:00			`Alert::set($L->g('Username or password incorrect'), ALERT_STATUS_FAIL);`
Bruteforce protection 2015-08-18 04:02:19 +02:00			`return false;`
			`}`

Remember me 2017-11-07 00:18:16 +01:00			`function checkRememberMe()`
			`{`
Title in database, improves on Page Object, Perfomance improvements, TinyMCE and Bootstrap updated 2018-07-17 19:13:01 +02:00			`global $security;`
Session in admin area and when you create the Login object 2018-07-14 15:17:06 +02:00			`global $login;`
Remember me 2017-11-07 00:18:16 +01:00
Title in database, improves on Page Object, Perfomance improvements, TinyMCE and Bootstrap updated 2018-07-17 19:13:01 +02:00			`if ($security->isBlocked()) {`
Remember me 2017-11-07 00:18:16 +01:00			`return false;`
			`}`

Session in admin area and when you create the Login object 2018-07-14 15:17:06 +02:00			`if ($login->verifyUserByRemember()) {`
Title in database, improves on Page Object, Perfomance improvements, TinyMCE and Bootstrap updated 2018-07-17 19:13:01 +02:00			`$security->generateTokenCSRF();`
Remember me 2017-11-07 00:18:16 +01:00			`Redirect::page('dashboard');`
			`return true;`
			`}`

			`return false;`
			`}`

Minor changes 2015-08-03 02:49:12 +02:00			`// ============================================================================`
			`// Main before POST`
			`// ============================================================================`

Remember me 2017-11-07 00:18:16 +01:00			`if ($_SERVER['REQUEST_METHOD']!=='POST') {`
			`checkRememberMe();`
			`}`

Minor changes 2015-08-03 02:49:12 +02:00			`// ============================================================================`
			`// POST Method`
			`// ============================================================================`

Remember me 2017-11-07 00:18:16 +01:00			`if ($_SERVER['REQUEST_METHOD']=='POST') {`
Login and Security improves 2017-07-16 00:42:37 +02:00			`checkLogin($_POST);`
Minor changes 2015-08-03 02:49:12 +02:00			`}`

			`// ============================================================================`
			`// Main after POST`
Opengraph, Admin panel responsive, Improves on Security tokens 2015-11-28 15:47:03 +01:00			`// ============================================================================`