Improved auth scheme: now storing encrypted cookies
1 <?php\r
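// Check for valid user. Returns true or an error message.
//
// Credentials are accepted from two sources; the login form has precedence:
//   1. POST fields `username` / `password`, compared against the plaintext
//      entries of the global $yourls_user_passwords map (user => password).
//   2. Cookies `yourls_username` / `yourls_password`, each of which must equal
//      yourls_salt() of the matching config value.
// On success the cookies are (re)issued for 7 days, YOURLS_USER is defined to
// the matched user name and true is returned. Otherwise a user-facing message
// is returned; `?mode=logout` clears both cookies and returns a message too.
//
// Review fixes vs. the original:
//   * every credential and cookie comparison is strict (===). With `==`, two
//     md5 hex digests of the form "0e<digits>" compare equal (both are float
//     zero), and numeric-looking passwords do too ("1e3" == "1000"), so a
//     forged cookie or password could match without being equal.
//   * request values are only used when they are plain strings, so
//     `password[]=x` style input cannot reach the comparison.
//   * $_GET['mode'] is read through isset() (no undefined-index notice) and
//     the logout cookies are cleared with '' rather than null.
//   * cookies are issued with the HttpOnly flag so page script cannot read
//     them. TODO(review): also pass secure=true when YOURLS_SITE is https,
//     and prefer hash_equals() over === on PHP >= 5.6 for a constant-time
//     compare.
// NOTE(review): a stolen cookie stays valid for 7 days and logout is a bare
// GET with no token (logout CSRF); both are left unchanged here.
function yourls_is_valid_user() {

	// Logout request
	if ( isset( $_GET['mode'] ) && $_GET['mode'] === 'logout' ) {
		setcookie( 'yourls_username', '', time() - 3600, '', '', false, true );
		setcookie( 'yourls_password', '', time() - 3600, '', '', false, true );
		return 'Logged out successfully';
	}

	// Only plain strings are accepted from the request; arrays and missing
	// fields become null and can never match anything.
	$form_user   = ( isset( $_POST['username'] ) && is_string( $_POST['username'] ) ) ? $_POST['username'] : null;
	$form_pass   = ( isset( $_POST['password'] ) && is_string( $_POST['password'] ) ) ? $_POST['password'] : null;
	$cookie_user = ( isset( $_COOKIE['yourls_username'] ) && is_string( $_COOKIE['yourls_username'] ) ) ? $_COOKIE['yourls_username'] : null;
	$cookie_pass = ( isset( $_COOKIE['yourls_password'] ) && is_string( $_COOKIE['yourls_password'] ) ) ? $_COOKIE['yourls_password'] : null;

	$lifetime = 60 * 60 * 24 * 7; // 7 days, as before

	// Check cookies or login request. Login form has precedence.
	global $yourls_user_passwords;
	foreach ( (array) $yourls_user_passwords as $valid_user => $valid_password ) {
		// Numeric-looking user names become int array keys in PHP; normalise
		// both sides to strings so the strict compare below is meaningful.
		$valid_user     = (string) $valid_user;
		$valid_password = (string) $valid_password;

		// Checking against POST data
		$form_ok = ( $form_user !== null && $form_pass !== null
			&& $form_user === $valid_user
			&& $form_pass === $valid_password );

		// Checking against encrypted COOKIE data
		$cookie_ok = ( $cookie_user !== null && $cookie_pass !== null
			&& $cookie_user === yourls_salt( $valid_user )
			&& $cookie_pass === yourls_salt( $valid_password ) );

		if ( $form_ok || $cookie_ok ) {
			// (Re)store encrypted cookie and tell it's ok
			$expire = time() + $lifetime;
			setcookie( 'yourls_username', yourls_salt( $valid_user ), $expire, '', '', false, true );
			setcookie( 'yourls_password', yourls_salt( $valid_password ), $expire, '', '', false, true );
			define( 'YOURLS_USER', $valid_user );
			return true;
		}
	}

	// Distinguish a failed login attempt from a first visit to the form.
	if ( isset( $_POST['username'] ) || isset( $_POST['password'] ) ) {
		return 'Invalid username or password';
	}
	return 'Fill this form';
}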
45 \r
46 \r
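// Return the cookie token for $string: md5( $string . key ).
//
// The key is YOURLS_COOKIEKEY when the config defines it, otherwise
// md5(__FILE__). Fix vs. the original: $salt was computed and then ignored
// and the bare constant was concatenated instead, so with YOURLS_COOKIEKEY
// undefined the fallback never applied — PHP < 8 used the literal string
// "YOURLS_COOKIEKEY" (with a notice) and PHP 8 throws an Error.
//
// NOTE(review): the scheme is kept only so existing cookies stay valid; it is
// weak. md5 is fast, the fallback key is derived from a file path that is
// usually guessable, and the password cookie is md5(password . key), so
// anyone holding the cookie who knows or guesses the key can brute-force the
// password offline. A random per-install key with hash_hmac('sha256', ...)
// would be the proper replacement.
function yourls_salt( $string ) {
	$salt = defined( 'YOURLS_COOKIEKEY' ) ? YOURLS_COOKIEKEY : md5( __FILE__ );
	return md5( $string . $salt );
}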
52 \r
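// Display the login screen. Nothing past this point: the function prints a
// complete HTML document and then die()s, so it never returns.
//
// $error_msg  optional text (normally one of the messages returned by
//             yourls_is_valid_user()) shown above the form. It is
//             HTML-escaped before output so a caller that ever passes
//             request-derived text cannot inject markup into the page.
//
// Review fixes vs. the original: $error_msg was echoed raw; the description
// <meta> carried a stray quote and the copyright <meta> misspelled YOURLS.
// NOTE(review): the form carries no anti-CSRF token, so a third-party page
// can submit it and log the browser in to an attacker-chosen account (login
// CSRF). YOURLS_SITE is a config value and is still echoed unescaped.
function yourls_login_screen( $error_msg = '' ) {
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
	<title>Login &laquo; YOURLS &raquo; Your Own URL Shortener | <?php echo YOURLS_SITE; ?></title>
	<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
	<meta name="copyright" content="Copyright &copy; 2008-<?php echo date('Y'); ?> YOURLS" />
	<meta name="author" content="Ozh RICHARD, Lester Chan" />
	<meta name="description" content="Insert URL &laquo; YOURLS &raquo; Your Own URL Shortener | <?php echo YOURLS_SITE; ?>" />
	<link rel="stylesheet" href="<?php echo YOURLS_SITE; ?>/css/style.css" type="text/css" media="screen" />
	<script src="<?php echo YOURLS_SITE; ?>/js/jquery-1.3.1.min.js" type="text/javascript"></script>
</head>
<body>
<div id="login">
	<form method="post" action="?"> <?php // reset any QUERY parameters ?>
		<p>
			<img src="<?php echo YOURLS_SITE; ?>/images/yourls-logo.png" alt="YOURLS" title="YOURLS" />
		</p>
		<?php
			if ( ! empty( $error_msg ) ) {
				// Escape for the HTML body context; the built-in messages
				// contain no markup, so this is a no-op for them.
				echo '<p class="error">' . htmlspecialchars( $error_msg, ENT_QUOTES, 'UTF-8' ) . '</p>';
			}
		?>
		<p>
			<label for="username">Username</label><br />
			<input type="text" id="username" name="username" size="30" class="text" />
		</p>
		<p>
			<label for="password">Password</label><br />
			<input type="password" id="password" name="password" size="30" class="text" />
		</p>
		<p style="text-align: right;">
			<input type="submit" id="submit" name="submit" value="Login" class="button" />
		</p>
	</form>
	<script type="text/javascript">$('#username').focus();</script>
</div>
</body>
</html>
<?php
die();
}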