]> CyberLeo.Net >> Repos - Github/YOURLS.git/blob - includes/functions-auth.php
projects / Github / YOURLS.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
history | raw | HEAD
Kill old cookies from version 1.3
[Github/YOURLS.git] / includes / functions-auth.php
1 <?php\r
2 // Check for valid user. Returns true or an error message\r
3 function yourls_is_valid_user() {\r
4 \r
5         // Kill old cookies from 1.3 and prior\r
6         setcookie('yourls_username', null, time() - 3600 );\r
7         setcookie('yourls_password', null, time() - 3600 );\r
8 \r
9         // Logout request\r
10         if( isset( $_GET['mode'] ) && $_GET['mode'] == 'logout') {\r
11                 setcookie('yourls_username', null, time() - 3600, '/');\r
12                 setcookie('yourls_password', null, time() - 3600, '/');\r
13                 return 'Logged out successfully';\r
14         }\r
15         \r
16         // Check cookies or login request. Login form has precedence.\r
17         global $yourls_user_passwords;\r
18         foreach($yourls_user_passwords as $valid_user => $valid_password) {\r
19                 if ( \r
20                         // Checking against POST data\r
21                         (       isset($_REQUEST['username'])\r
22                                 && $valid_user == $_REQUEST['username']\r
23                                 && isset($_REQUEST['password'])\r
24                                 && $valid_password == $_REQUEST['password']\r
25                         )\r
26                         or\r
27                         // Checking against encrypted COOKIE data\r
28                         (       isset($_COOKIE['yourls_username'])\r
29                                 && yourls_salt($valid_user) == $_COOKIE['yourls_username']\r
30                                 && isset($_COOKIE['yourls_password'])\r
31                                 && yourls_salt($valid_password) == $_COOKIE['yourls_password'] \r
32                         )\r
33                 ) {\r
34                         // (Re)store encrypted cookie and tell it's ok\r
35                         if ( !defined('YOURLS_API') or YOURLS_API != true ) {\r
36                                 // No need to store a cookie when used in API mode.\r
37                                 setcookie('yourls_username', yourls_salt( $valid_user ), time() + (60*60*24*7), '/' );\r
38                                 setcookie('yourls_password', yourls_salt( $valid_password ), time() + (60*60*24*7), '/' );\r
39                         }\r
40                         define('YOURLS_USER', $valid_user);\r
41                         return true;\r
42                 }\r
43         }\r
44         \r
45         if ( isset($_REQUEST['username']) || isset($_REQUEST['password']) ) {\r
46                 return 'Invalid username or password';\r
47         } else {\r
48                 return 'Please log in';\r
49         }\r
50 }\r
51 \r
52 \r
53 // Return salted string\r
54 function yourls_salt( $string ) {\r
55         $salt = defined('YOURLS_COOKIEKEY') ? YOURLS_COOKIEKEY : md5(__FILE__) ;\r
56         return md5 ($string . YOURLS_COOKIEKEY);\r
57 }\r
58 \r
59 // Display the login screen. Nothing past this point.\r
60 function yourls_login_screen( $error_msg = '' ) {\r
61         yourls_html_head( 'login' );\r
62 ?>\r
63         <h1>\r
64                 <a href="<?php echo $base_page; ?>" title="YOURLS"><span>YOURLS</span>: <span>Y</span>our <span>O</span>wn <span>URL</span> <span>S</span>hortener<br/>\r
65                 <img src="<?php echo YOURLS_SITE; ?>/images/yourls-logo.png" alt="YOURLS" title="YOURLS" style="border: 0px;" /></a>\r
66         </h1>\r
67 \r
68         <div id="login">\r
69                 <form method="post" action="?"> <?php // reset any QUERY parameters ?>\r
70                         <?php\r
71                                 if(!empty($error_msg)) {\r
72                                         echo '<p class="error">'.$error_msg.'</p>';\r
73                                 }\r
74                         ?>\r
75                         <p>\r
76                                 <label for="username">Username</label><br />\r
77                                 <input type="text" id="username" name="username" size="30" class="text" />\r
78                         </p>\r
79                         <p>\r
80                                 <label for="password">Password</label><br />\r
81                                 <input type="password" id="password" name="password" size="30" class="text" />\r
82                         </p>\r
83                         <p style="text-align: right;">\r
84                                 <input type="submit" id="submit" name="submit" value="Login" class="button" />\r
85                         </p>\r
86                 </form>\r
87                 <script type="text/javascript">$('#username').focus();</script>\r
88         </div>\r
89         <?php\r
90         yourls_html_footer();\r
91         die();\r
92 }
Unnamed repository; edit this file 'description' to name the repository.