includes/functions-auth.php

   1 <?php\r
   2 // Check for valid user. Returns true or an error message\r
   3 function yourls_is_valid_user() {\r
   4 \r
   5         // Logout request\r
   6         if( isset( $_GET['mode'] ) && $_GET['mode'] == 'logout') {\r
   7                 setcookie('yourls_username', null, time() - 3600, '/');\r
   8                 setcookie('yourls_password', null, time() - 3600, '/');\r
   9                 return 'Logged out successfully';\r
  10         }\r
  11         \r
  12         // Check cookies or login request. Login form has precedence.\r
  13         global $yourls_user_passwords;\r
  14         foreach($yourls_user_passwords as $valid_user => $valid_password) {\r
  15                 if ( \r
  16                         // Checking against POST data\r
  17                         (       isset($_REQUEST['username'])\r
  18                                 && $valid_user == $_REQUEST['username']\r
  19                                 && isset($_REQUEST['password'])\r
  20                                 && $valid_password == $_REQUEST['password']\r
  21                         )\r
  22                         or\r
  23                         // Checking against encrypted COOKIE data\r
  24                         (       isset($_COOKIE['yourls_username'])\r
  25                                 && yourls_salt($valid_user) == $_COOKIE['yourls_username']\r
  26                                 && isset($_COOKIE['yourls_password'])\r
  27                                 && yourls_salt($valid_password) == $_COOKIE['yourls_password'] \r
  28                         )\r
  29                 ) {\r
  30                         // (Re)store encrypted cookie and tell it's ok\r
  31                         if ( !defined('YOURLS_API') or YOURLS_API != true ) {\r
  32                                 // No need to store a cookie when used in API mode.\r
  33                                 setcookie('yourls_username', yourls_salt( $valid_user ), time() + (60*60*24*7), '/' );\r
  34                                 setcookie('yourls_password', yourls_salt( $valid_password ), time() + (60*60*24*7), '/' );\r
  35                         }\r
  36                         define('YOURLS_USER', $valid_user);\r
  37                         return true;\r
  38                 }\r
  39         }\r
  40         \r
  41         if ( isset($_REQUEST['username']) || isset($_REQUEST['password']) ) {\r
  42                 return 'Invalid username or password';\r
  43         } else {\r
  44                 return 'Please log in';\r
  45         }\r
  46 }\r
  47 \r
  48 \r
  49 // Return salted string\r
  50 function yourls_salt( $string ) {\r
  51         $salt = defined('YOURLS_COOKIEKEY') ? YOURLS_COOKIEKEY : md5(__FILE__) ;\r
  52         return md5 ($string . YOURLS_COOKIEKEY);\r
  53 }\r
  54 \r
  55 // Display the login screen. Nothing past this point.\r
  56 function yourls_login_screen( $error_msg = '' ) {\r
  57         yourls_html_head( 'login' );\r
  58 ?>\r
  59         <h1>\r
  60                 <a href="<?php echo $base_page; ?>" title="YOURLS"><span>YOURLS</span>: <span>Y</span>our <span>O</span>wn <span>URL</span> <span>S</span>hortener<br/>\r
  61                 <img src="<?php echo YOURLS_SITE; ?>/images/yourls-logo.png" alt="YOURLS" title="YOURLS" style="border: 0px;" /></a>\r
  62         </h1>\r
  63 \r
  64         <div id="login">\r
  65                 <form method="post" action="?"> <?php // reset any QUERY parameters ?>\r
  66                         <?php\r
  67                                 if(!empty($error_msg)) {\r
  68                                         echo '<p class="error">'.$error_msg.'</p>';\r
  69                                 }\r
  70                         ?>\r
  71                         <p>\r
  72                                 <label for="username">Username</label><br />\r
  73                                 <input type="text" id="username" name="username" size="30" class="text" />\r
  74                         </p>\r
  75                         <p>\r
  76                                 <label for="password">Password</label><br />\r
  77                                 <input type="password" id="password" name="password" size="30" class="text" />\r
  78                         </p>\r
  79                         <p style="text-align: right;">\r
  80                                 <input type="submit" id="submit" name="submit" value="Login" class="button" />\r
  81                         </p>\r
  82                 </form>\r
  83                 <script type="text/javascript">$('#username').focus();</script>\r
  84         </div>\r
  85         <?php\r
  86         yourls_html_footer();\r
  87         die();\r
  88 }