$valid_password) { if ( // Checking against POST data ( isset($_REQUEST['username']) && $valid_user == $_REQUEST['username'] && isset($_REQUEST['password']) && $valid_password == $_REQUEST['password'] ) or // Checking against encrypted COOKIE data ( isset($_COOKIE['yourls_username']) && yourls_salt($valid_user) == $_COOKIE['yourls_username'] && isset($_COOKIE['yourls_password']) && yourls_salt($valid_password) == $_COOKIE['yourls_password'] ) ) { // (Re)store encrypted cookie and tell it's ok if ( !defined('YOURLS_API') or YOURLS_API != true ) { // No need to store a cookie when used in API mode. setcookie('yourls_username', yourls_salt( $valid_user ), time() + (60*60*24*7)); setcookie('yourls_password', yourls_salt( $valid_password ), time() + (60*60*24*7)); } define('YOURLS_USER', $valid_user); return true; } } if ( isset($_REQUEST['username']) || isset($_REQUEST['password']) ) { return 'Invalid username or password'; } else { return 'Please log in'; } } // Return salted string function yourls_salt( $string ) { $salt = defined('YOURLS_COOKIEKEY') ? YOURLS_COOKIEKEY : md5(__FILE__) ; return md5 ($string . YOURLS_COOKIEKEY); } // Display the login screen. Nothing past this point. function yourls_login_screen( $error_msg = '' ) { yourls_html_head( 'login' ); ?>

YOURLS

'.$error_msg.'

'; } ?>