isBlocked()) { Alert::set($Language->g('IP address has been blocked').'
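'.$Language->g('Try again in a few minutes'));
        return false;
    }

    if ($Login->verifyUser($_POST['username'], $_POST['password'])) {
        if (isset($_POST['remember'])) {
            $Login->setRememberMe($_POST['username']);
        }
        // Renew the token. This token will be the same inside the session for multiple forms.
        $Security->generateTokenCSRF();
        Redirect::page('dashboard');
        return true;
    }

    // Bruteforce protection, add IP to the blacklist
    $Security->addToBlacklist();

    // Create alert
    Alert::set($Language->g('Username or password incorrect'));
    return false;
}

/**
 * Try to authenticate the visitor from the "remember me" cookies.
 *
 * Refuses immediately when the client is currently blocked, and requires both
 * the username cookie and the token cookie to be present. On a successful
 * verification the CSRF token is renewed and the visitor is redirected to the
 * dashboard; on a failed verification the attempt is counted against the
 * client via the blacklist, exactly like a failed password login.
 *
 * @return bool true when the cookies verified, false otherwise
 */
function checkRememberMe()
{
    global $Security;
    global $Login;

    // A blocked client gets no further authentication attempts, cookie-based or not.
    if ($Security->isBlocked()) {
        return false;
    }

    // Both halves of the remember-me pair are needed; a partial pair is not an attempt.
    if (!Cookie::isset(REMEMBER_COOKIE_USERNAME) || !Cookie::isset(REMEMBER_COOKIE_TOKEN)) {
        return false;
    }

    // Cookie values are client-controlled and are only trusted after verification.
    $username = Cookie::get(REMEMBER_COOKIE_USERNAME);
    $token = Cookie::get(REMEMBER_COOKIE_TOKEN);

    // NOTE(review): the token comparison happens inside verifyUserByRemember(),
    // which is not visible here; confirm it compares in constant time (hash_equals).
    if ($Login->verifyUserByRemember($username, $token)) {
        // Renew the CSRF token for the freshly authenticated session.
        $Security->generateTokenCSRF();
        Redirect::page('dashboard');
        return true;
    }

    // A token that does not verify is treated as a guessing attempt.
    // NOTE(review): the cookies are not cleared in this function. Unless
    // verifyUserByRemember() or another layer removes them, a browser holding a
    // stale pair adds a blacklist entry on every non-POST request to this page;
    // confirm that is intended.
    $Security->addToBlacklist();
    return false;
}

// ============================================================================
// Main before POST
// ============================================================================

// Any request that is not a form submission may be a returning visitor with
// remember-me cookies.
if ($_SERVER['REQUEST_METHOD'] !== 'POST') {
    checkRememberMe();
}

// ============================================================================
// POST Method
// ============================================================================

// Strict comparison, matching the check above; REQUEST_METHOD is a string.
if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    checkLogin($_POST);
}

// ============================================================================
// Main after POST
// ============================================================================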