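/**
 * Check whether the current request comes from a valid user.
 *
 * Accounts are read from the global $yourls_user_passwords map
 * (username => password). A request is accepted when it carries a matching
 * username/password pair in $_REQUEST, or a matching pair of salted cookies
 * previously issued by this function.
 *
 * NOTE(review): $_REQUEST also covers the query string, so credentials sent
 * that way can end up in server logs and browser history. The cookie value is
 * derived directly from the password, so it stays valid until the password
 * changes. Both are design points to revisit; they are left as they were here.
 *
 * @return true|string True when the user is valid, otherwise a message
 *                     suitable for the login screen.
 */
function yourls_is_valid_user() {
    // Kill old cookies from 1.3 and prior. An empty string is passed instead
    // of null because newer PHP versions deprecate null for this argument.
    setcookie( 'yourls_username', '', time() - 3600 );
    setcookie( 'yourls_password', '', time() - 3600 );

    // Logout request: expire the current cookies and stop.
    if ( isset( $_GET['mode'] ) && $_GET['mode'] == 'logout' ) {
        setcookie( 'yourls_username', '', time() - 3600, '/' );
        setcookie( 'yourls_password', '', time() - 3600, '/' );
        return 'Logged out successfully';
    }

    global $yourls_user_passwords;
    // A missing or malformed account map means nobody can log in, not a PHP warning.
    $accounts = is_array( $yourls_user_passwords ) ? $yourls_user_passwords : array();

    // Only plain strings are accepted as credentials. Array-valued parameters
    // (username[]=...) are rejected up front instead of reaching a comparison.
    $form_user   = ( isset( $_REQUEST['username'] ) && is_string( $_REQUEST['username'] ) ) ? $_REQUEST['username'] : null;
    $form_pass   = ( isset( $_REQUEST['password'] ) && is_string( $_REQUEST['password'] ) ) ? $_REQUEST['password'] : null;
    $cookie_user = ( isset( $_COOKIE['yourls_username'] ) && is_string( $_COOKIE['yourls_username'] ) ) ? $_COOKIE['yourls_username'] : null;
    $cookie_pass = ( isset( $_COOKIE['yourls_password'] ) && is_string( $_COOKIE['yourls_password'] ) ) ? $_COOKIE['yourls_password'] : null;

    foreach ( $accounts as $valid_user => $valid_password ) {
        // Array keys that look numeric come back as integers; hash_equals() needs strings.
        $user_str = (string) $valid_user;
        $pass_str = (string) $valid_password;

        // Checking against submitted credentials.
        // hash_equals() compares byte for byte: the former loose `==` treated
        // numeric-looking strings such as '0e123' and '0e456' as equal.
        $form_ok = $form_user !== null
            && $form_pass !== null
            && hash_equals( $user_str, $form_user )
            && hash_equals( $pass_str, $form_pass );

        // Checking against salted COOKIE data. MD5 hex digests can themselves
        // look like '0e...' numbers, so these need the strict comparison too.
        $cookie_ok = ! $form_ok
            && $cookie_user !== null
            && $cookie_pass !== null
            && hash_equals( yourls_salt( $valid_user ), $cookie_user )
            && hash_equals( yourls_salt( $valid_password ), $cookie_pass );

        if ( $form_ok || $cookie_ok ) {
            // (Re)store salted cookies. No need to store a cookie when used in API mode.
            if ( ! defined( 'YOURLS_API' ) || YOURLS_API != true ) {
                $expires = time() + ( 60 * 60 * 24 * 7 );
                // Last argument is HttpOnly, which keeps the cookies away from page scripts.
                // NOTE(review): the Secure flag stays off as before; enable it
                // once the admin area is only served over HTTPS.
                setcookie( 'yourls_username', yourls_salt( $valid_user ), $expires, '/', '', false, true );
                setcookie( 'yourls_password', yourls_salt( $valid_password ), $expires, '/', '', false, true );
            }
            if ( ! defined( 'YOURLS_USER' ) ) {
                define( 'YOURLS_USER', $valid_user );
            }
            return true;
        }
    }

    // Something was submitted but matched no account.
    if ( isset( $_REQUEST['username'] ) || isset( $_REQUEST['password'] ) ) {
        return 'Invalid username or password';
    }

    return 'Please log in';
}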
\r
/**
 * Return the salted MD5 digest of a string.
 *
 * The salt is the YOURLS_COOKIEKEY constant when it is defined; otherwise it
 * falls back to the MD5 of this file's path.
 *
 * NOTE(review): MD5 is a fast digest, and the fallback salt is derived from a
 * file path rather than a secret. Defining a long random YOURLS_COOKIEKEY is
 * the safer setup. Swapping the digest would change every value this function
 * has already produced, so confirm all callers before doing so.
 *
 * @param string $string Value to salt and hash.
 * @return string 32-character hexadecimal digest.
 */
function yourls_salt( $string ) {
    if ( defined( 'YOURLS_COOKIEKEY' ) ) {
        $key = YOURLS_COOKIEKEY;
    } else {
        $key = md5( __FILE__ );
    }

    $salted = $string . $key;

    return md5( $salted );
}
\r
60 // Display the login screen. Nothing past this point.
\r
61 function yourls_login_screen( $error_msg = '' ) {
\r
62 yourls_html_head( 'login' );
\r
64 $action = ( isset($_GET['mode']) && $_GET['mode'] == 'logout' ? '?' : '' );
\r
67 <a href="<?php echo YOURLS_SITE; ?>/admin/index.php" title="YOURLS"><span>YOURLS</span>: <span>Y</span>our <span>O</span>wn <span>URL</span> <span>S</span>hortener<br/>
\r
68 <img src="<?php echo YOURLS_SITE; ?>/images/yourls-logo.png" alt="YOURLS" title="YOURLS" style="border: 0px;" /></a>
\r
72 <form method="post" action="<?php echo $action; ?>"> <?php // reset any QUERY parameters ?>
\r
74 if(!empty($error_msg)) {
\r
75 echo '<p class="error">'.$error_msg.'</p>';
\r
79 <label for="username">Username</label><br />
\r
80 <input type="text" id="username" name="username" size="30" class="text" />
\r
83 <label for="password">Password</label><br />
\r
84 <input type="password" id="password" name="password" size="30" class="text" />
\r
86 <p style="text-align: right;">
\r
87 <input type="submit" id="submit" name="submit" value="Login" class="button" />
\r
90 <script type="text/javascript">$('#username').focus();</script>
\r
93 yourls_html_footer();
\r