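> This program is free software: you can redistribute it and/or modify
it under the terms of the GNU Affero General Public License as published by
the Free Software Foundation, either version 3 of the License, or
(at your option) any later version.

This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU Affero General Public License for more details.

You should have received a copy of the GNU Affero General Public License
along with this program. If not, see .
*/

// Login handler. When both form fields are posted it looks the account up,
// verifies the password and, for an active account, opens the session and
// redirects. Every other outcome leaves a message in $error; $error is only
// ever assigned translated literals here, never request data.
//
// TODO: Protect against excess failed logins from the same IP
// NOTE(review): until that throttling exists nothing in this block slows down
// repeated password guesses against one account.
if (isset($_POST['user']) && isset($_POST['pass'])) {
    include_once('db.php');
    $error = _('Incorrect username/password');

    // Array-valued fields (user[]=...) count as a failed login instead of
    // reaching the database and hash calls as a non-string.
    $loginFound = false;
    if (is_string($_POST['user']) && is_string($_POST['pass'])) {
        $loginUser = $_POST['user'];
        // Bound parameter: the posted name never becomes part of the SQL text,
        // so the lookup does not depend on escaping or connection charset.
        $loginStmt = mysqli_prepare($db, 'select salt, password, id, status from users where name=?');
        if ($loginStmt) {
            mysqli_stmt_bind_param($loginStmt, 's', $loginUser);
            if (mysqli_stmt_execute($loginStmt)) {
                mysqli_stmt_bind_result($loginStmt, $loginSalt, $loginStored, $loginId, $loginStatus);
                // Only the first matching row is used, as before.
                $loginFound = (mysqli_stmt_fetch($loginStmt) === true);
            }
            mysqli_stmt_close($loginStmt);
        }
    }

    if ($loginFound) {
        // The password column holds "<algorithm>:<digest>"; the digest is one
        // pass of that algorithm over password . salt.
        // NOTE(review): a single fast hash is cheap to brute-force if the table
        // leaks; plan a migration to password_hash()/password_verify(), e.g.
        // re-hashing each account on its next successful login.
        $loginParts = explode(':', (string) $loginStored);

        // A malformed column or unknown algorithm must fail closed: with the
        // old loose `==`, a failed hash() (false) compared equal to an empty or
        // "0" digest, and two "0e..." digests compared equal as numbers.
        if (count($loginParts) >= 2 && in_array($loginParts[0], hash_algos(), true)) {
            $loginDigest = hash($loginParts[0], $_POST['pass'] . $loginSalt);

            // Constant-time, type-strict comparison of stored vs computed digest.
            if (hash_equals($loginParts[1], $loginDigest)) {
                // Status messages are only reached after the password matched,
                // so they do not reveal account state to username guessing.
                switch ($loginStatus) {
                    case ACCOUNT_ACTIVE:
                        session_start();
                        // New session id on privilege change, so an id that was
                        // planted or observed before login is not the one that
                        // ends up authenticated.
                        session_regenerate_id(true);
                        $_SESSION['name'] = $_POST['user'];
                        // Bound integer columns arrive as PHP ints; the cast keeps
                        // the string the previous mysqli_fetch_assoc() path stored.
                        // NOTE(review): drop the cast if consumers accept an int.
                        $_SESSION['id'] = (string) $loginId;

                        // returnto is request-controlled, so it is used only when
                        // it stays on this site; anything else falls back to
                        // BASEURL. PHP has already decoded $_GET once; the extra
                        // urldecode() is kept for callers that double-encode —
                        // NOTE(review): confirm and drop it if none do.
                        $loginTarget = BASEURL;
                        if (isset($_GET['returnto']) && is_string($_GET['returnto'])) {
                            $loginCandidate = urldecode($_GET['returnto']);
                            $loginBase = rtrim(BASEURL, '/') . '/';
                            // No empty value, surrounding whitespace, control
                            // characters, or leading "//" / "/\" (which browsers
                            // resolve as a different host).
                            $loginClean = $loginCandidate !== ''
                                && $loginCandidate === trim($loginCandidate)
                                && !preg_match('/[\x00-\x1f\x7f]/', $loginCandidate)
                                && !preg_match('#^[/\\\\]{2}#', $loginCandidate);
                            $loginHasScheme = preg_match('#^[a-z][a-z0-9+.\-]*:#i', $loginCandidate) === 1;
                            // Prefix match against BASEURL with a trailing slash,
                            // so "http://site.example.other/" cannot pass for
                            // "http://site.example" (constructed example hosts).
                            $loginUnderBase = $loginCandidate === BASEURL
                                || strncmp($loginCandidate, $loginBase, strlen($loginBase)) === 0;
                            // Scheme-less references are relative to this site;
                            // absolute URLs must sit under BASEURL.
                            if ($loginClean && (!$loginHasScheme || $loginUnderBase)) {
                                $loginTarget = $loginCandidate;
                            }
                        }
                        header('Location: ' . $loginTarget);
                        exit();
                    case ACCOUNT_BANNED:
                        $error = _('Banned');
                        break;
                    case ACCOUNT_EMAILUNVERIFIED:
                        $error = _('Please check for a verification e-mail');
                        break;
                }
            }
        }
    }

    // NOTE(review): in this copy the wrapper is a bare newline on each side; if
    // the original file wrapped the message in markup, restore it from there.
    $error = "\n" . $error . "\n";
} else {
    $error = '';
}
include_once('head.php');
?>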