Mathieu Trossevin
af94efde45
The former is always true (outside of a POST request it is an empty array, not null, and it cannot be `unset()`). As such, the check was either meaningless or was supposed to verify that something was sent. This commit assumes the latter.
<?php
/**
 * Authentication controller
 *
 * Copyright (c) 2009-2022 Evolix - Tous droits reserves
 *
 * @author Evolix <info@evolix.fr>
 * @author Gregory Colpart <reg@evolix.fr>
 * @author Thomas Martin <tmartin@evolix.fr>
 * @author Sebastien Palma <spalma@evolix.fr>
 * @author and others.
 * @version 1.0
 */

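// Login form handler: a non-empty POST is treated as a login attempt and
// always ends in a redirect to '/'; any other request renders the login page.
if ($_SERVER['REQUEST_METHOD'] === 'POST' && !empty($_POST)) {

    // Accept plain strings only. A missing field, or an array-valued field
    // such as login[]=x, must fail authentication rather than reach the
    // array lookup or password_verify() with the wrong type.
    $input_username = (isset($_POST['login']) && is_string($_POST['login'])) ? $_POST['login'] : '';
    $input_password = (isset($_POST['passw']) && is_string($_POST['passw'])) ? $_POST['passw'] : '';

    // Stored credential for this login, or null when the login is unknown.
    $stored_hash = null;
    if (isset($conf['logins'][$input_username]) && is_string($conf['logins'][$input_username])) {
        $stored_hash = $conf['logins'][$input_username];
    }

    $authenticated = false;
    if ($stored_hash !== null) {
        if (strlen($stored_hash) === 64) {
            // Compatibility mode for previous installs (sha256).
            // hash_equals() compares in constant time, so the response time
            // does not depend on how many leading characters of the digest
            // match.
            // NOTE(review): these entries are unsalted SHA-256, a fast hash;
            // they should be re-hashed with password_hash() and this branch
            // retired once no 64-character entry remains.
            $authenticated = hash_equals($stored_hash, hash('sha256', $input_password));
        } else {
            // Any other length is handed to password_verify(), i.e. it is
            // expected to be a password_hash() string.
            $authenticated = password_verify($input_password, $stored_hash);
        }
    }

    if ($authenticated) {
        // Issue a fresh session id when the session becomes authenticated, so
        // an id that was known before login cannot be reused afterwards.
        // The session is started outside this file, hence the status guard.
        if (session_status() === PHP_SESSION_ACTIVE) {
            session_regenerate_id(true);
        }

        // Look the system account up once; fall back to uid 65534
        // (conventionally "nobody") when the login has no system account.
        $account = posix_getpwnam($input_username);

        $_SESSION['auth'] = true;
        $_SESSION['user'] = $input_username;
        $_SESSION['user_id'] = $account ? $account['uid'] : 65534;
        $_SESSION['cli_version'] = run_webadd_cmd('version')[0];
        unset($_SESSION['error']);

    } else {
        // Same outcome for an unknown login and a wrong password: the flag
        // set here does not tell the two cases apart.
        $_SESSION['auth'] = false;
        $_SESSION['user'] = '';
        $_SESSION['error'] = true;
    }

    http_redirect('/');

} else {

    // Move the one-shot error flag left by a failed attempt into $error
    // (presumably read by the templates below; confirm in auth.tpl.php) and
    // clear it so it is shown only once.
    if (!empty($_SESSION['error'])) {
        $error = $_SESSION['error'];
        unset($_SESSION['error']);
    }

    include_once EVOADMIN_BASE . '../tpl/header.tpl.php';
    include_once EVOADMIN_BASE . '../tpl/auth.tpl.php';
    include_once EVOADMIN_BASE . '../tpl/footer.tpl.php';

}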