bludit/bl-kernel/admin/controllers/login.php

86 lines
2.3 KiB
PHP

<?php defined('BLUDIT') or die('Bludit CMS.');
// ============================================================================
// Check role
// ============================================================================
// ============================================================================
// Functions
// ============================================================================
function checkLogin($args)
{
global $Security;
global $Login;
global $Language;
if ($Security->isBlocked()) {
Alert::set($Language->g('IP address has been blocked').'<br>'.$Language->g('Try again in a few minutes'));
return false;
}
if ($Login->verifyUser($_POST['username'], $_POST['password'])) {
if (isset($_POST['remember'])) {
$Login->setRememberMe($_POST['username']);
}
// Renew the token. This token will be the same inside the session for multiple forms.
$Security->generateTokenCSRF();
Redirect::page('dashboard');
return true;
}
// Bruteforce protection, add IP to the blacklist
$Security->addToBlacklist();
// Create alert
Alert::set($Language->g('Username or password incorrect'));
return false;
}
function checkRememberMe()
{
global $Security;
global $Login;
if ($Security->isBlocked()) {
return false;
}
if (!Cookie::isset(REMEMBER_COOKIE_USERNAME) || !Cookie::isset(REMEMBER_COOKIE_TOKEN)) {
return false;
}
$username = Cookie::get(REMEMBER_COOKIE_USERNAME);
$token = Cookie::get(REMEMBER_COOKIE_TOKEN);
if ($Login->verifyUserByRemember($username, $token)) {
$Security->generateTokenCSRF();
Redirect::page('dashboard');
return true;
}
$Security->addToBlacklist();
return false;
}
// ============================================================================
// Main before POST
// ============================================================================
if ($_SERVER['REQUEST_METHOD']!=='POST') {
checkRememberMe();
}
// ============================================================================
// POST Method
// ============================================================================
if ($_SERVER['REQUEST_METHOD']=='POST') {
checkLogin($_POST);
}
// ============================================================================
// Main after POST
// ============================================================================