<?php if(!defined('IN_GS')){ die('you cannot load this page directly.'); } /** * Login Functions * * @package GetSimple * @subpackage Login */ $MSG = null; # if the login cookie is already set, redirect user to control panel if(cookie_check()) { redirect($cookie_redirect); } # was the form submitted? if(isset($_POST['submitted'])) { # initial variable setup $user_xml = GSUSERSPATH . _id($_POST['userid']).'.xml'; $userid = strtolower($_POST['userid']); $password = $_POST['pwd']; $error = null; # check the username or password fields if ( !$userid || !$password ) { $error = i18n_r('FILL_IN_REQ_FIELD'); } # check for any errors if ( !$error ) { exec_action('successful-login-start'); # hash the given password $password = passhash($password); $logFailed = new GS_Logging_Class('failedlogins.log'); $logFailed->add('Username',$userid); # does this user exist? if (file_exists($user_xml)) { # pull the data from the user's data file $data = getXML($user_xml); $PASSWD = $data->PWD; $USR = strtolower($data->USR); # do the username and password match? if ( ($userid == $USR) && ($password == $PASSWD) ) { $authenticated = true; } else { $authenticated = false; # add login failure to failed logins log $logFailed->add('Reason','Invalid Password'); } # end password match check } else { # user doesnt exist in this system $authenticated = false; # add login failure to failed logins log $logFailed->add('Reason','Invalid User'); } # is this successful? if( $authenticated ) { # YES - set the login cookie, then redirect user to secure panel create_cookie(); setcookie('GS_ADMIN_USERNAME', $USR, time() + 3600,'/'); exec_action('successful-login-end'); redirect($cookie_redirect); } else { # NO - show error message $error = i18n_r('LOGIN_FAILED'); $logFailed->save(); } # end authenticated check } # end error check } # end submission check ?>