2 // Check for valid user. Returns true or an error message
\r
3 function yourls_is_valid_user() {
\r
6 if($_GET['mode'] == 'logout') {
\r
7 setcookie('yourls_username', null, time() - 3600);
\r
8 setcookie('yourls_password', null, time() - 3600);
\r
9 return 'Logged out successfully';
\r
12 // Check cookies or login request. Login form has precedence.
\r
13 global $yourls_user_passwords;
\r
14 foreach($yourls_user_passwords as $valid_user => $valid_password) {
\r
16 // Checking against POST data
\r
17 ( isset($_POST['username'])
\r
18 && $valid_user == $_POST['username']
\r
19 && isset($_POST['password'])
\r
20 && $valid_password == $_POST['password']
\r
23 // Checking against encrypted COOKIE data
\r
24 ( isset($_COOKIE['yourls_username'])
\r
25 && yourls_salt($valid_user) == $_COOKIE['yourls_username']
\r
26 && isset($_COOKIE['yourls_password'])
\r
27 && yourls_salt($valid_password) == $_COOKIE['yourls_password']
\r
30 // (Re)store encrypted cookie and tell it's ok
\r
31 setcookie('yourls_username', yourls_salt( $valid_user ), time() + (60*60*24*7));
\r
32 setcookie('yourls_password', yourls_salt( $valid_password ), time() + (60*60*24*7));
\r
33 define('YOURLS_USER', $valid_user);
\r
39 if ( isset($_POST['username']) || isset($_POST['password']) ) {
\r
40 return 'Invalid username or password';
\r
42 return 'Fill this form';
\r
47 // Return salted string
\r
48 function yourls_salt( $string ) {
\r
49 $salt = defined('YOURLS_COOKIEKEY') ? YOURLS_COOKIEKEY : md5(__FILE__) ;
\r
50 return md5 ($string . YOURLS_COOKIEKEY);
\r
53 // Display the login screen. Nothing past this point.
\r
54 function yourls_login_screen($error_msg = '') {
\r
56 <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
\r
57 <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
\r
59 <title>Login « YOURLS » Your Own URL Shortener | <?php echo YOURLS_SITE; ?></title>
\r
60 <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
\r
61 <meta name="copyright" content="Copyright © 2008-<?php echo date('Y'); ?> YOURS" />
\r
62 <meta name="author" content="Ozh RICHARD, Lester Chan" />
\r
63 <meta name="description" content="Insert URL « YOURLS » Your Own URL Shortener' | <?php echo YOURLS_SITE; ?>" />
\r
64 <link rel="stylesheet" href="<?php echo YOURLS_SITE; ?>/css/style.css" type="text/css" media="screen" />
\r
65 <script src="<?php echo YOURLS_SITE; ?>/js/jquery-1.3.1.min.js" type="text/javascript"></script>
\r
69 <form method="post" action="?"> <?php // reset any QUERY parameters ?>
\r
71 <img src="<?php echo YOURLS_SITE; ?>/images/yourls-logo.png" alt="YOURLS" title="YOURLS" />
\r
74 if(!empty($error_msg)) {
\r
75 echo '<p class="error">'.$error_msg.'</p>';
\r
79 <label for="username">Username</label><br />
\r
80 <input type="text" id="username" name="username" size="30" class="text" />
\r
83 <label for="password">Password</label><br />
\r
84 <input type="password" id="password" name="password" size="30" class="text" />
\r
86 <p style="text-align: right;">
\r
87 <input type="submit" id="submit" name="submit" value="Login" class="button" />
\r
90 <script type="text/javascript">$('#username').focus();</script>
\r