86 lines
2.3 KiB
PHP
86 lines
2.3 KiB
PHP
<?php defined('BLUDIT') or die('Bludit CMS.');
|
|
|
|
// ============================================================================
|
|
// Check role
|
|
// ============================================================================
|
|
|
|
// ============================================================================
|
|
// Functions
|
|
// ============================================================================
|
|
|
|
function checkLogin($args)
|
|
{
|
|
global $Security;
|
|
global $Login;
|
|
global $Language;
|
|
|
|
if ($Security->isBlocked()) {
|
|
Alert::set($Language->g('IP address has been blocked').'<br>'.$Language->g('Try again in a few minutes'));
|
|
return false;
|
|
}
|
|
|
|
if ($Login->verifyUser($_POST['username'], $_POST['password'])) {
|
|
if (isset($_POST['remember'])) {
|
|
$Login->setRememberMe($_POST['username']);
|
|
}
|
|
// Renew the token. This token will be the same inside the session for multiple forms.
|
|
$Security->generateTokenCSRF();
|
|
Redirect::page('dashboard');
|
|
return true;
|
|
}
|
|
|
|
// Bruteforce protection, add IP to the blacklist
|
|
$Security->addToBlacklist();
|
|
|
|
// Create alert
|
|
Alert::set($Language->g('Username or password incorrect'));
|
|
|
|
return false;
|
|
}
|
|
|
|
function checkRememberMe()
|
|
{
|
|
global $Security;
|
|
global $Login;
|
|
|
|
if ($Security->isBlocked()) {
|
|
return false;
|
|
}
|
|
|
|
if (!Cookie::isset(REMEMBER_COOKIE_USERNAME) || !Cookie::isset(REMEMBER_COOKIE_TOKEN)) {
|
|
return false;
|
|
}
|
|
|
|
$username = Cookie::get(REMEMBER_COOKIE_USERNAME);
|
|
$token = Cookie::get(REMEMBER_COOKIE_TOKEN);
|
|
|
|
if ($Login->verifyUserByRemember($username, $token)) {
|
|
$Security->generateTokenCSRF();
|
|
Redirect::page('dashboard');
|
|
return true;
|
|
}
|
|
|
|
$Security->addToBlacklist();
|
|
return false;
|
|
}
|
|
|
|
// ============================================================================
|
|
// Main before POST
|
|
// ============================================================================
|
|
|
|
if ($_SERVER['REQUEST_METHOD']!=='POST') {
|
|
checkRememberMe();
|
|
}
|
|
|
|
// ============================================================================
|
|
// POST Method
|
|
// ============================================================================
|
|
|
|
if ($_SERVER['REQUEST_METHOD']=='POST') {
|
|
checkLogin($_POST);
|
|
}
|
|
|
|
// ============================================================================
|
|
// Main after POST
|
|
// ============================================================================
|