New re-hashing of passwords while login should work now
authorRoland Häder <roland@mxchange.org>
Fri, 16 May 2008 22:41:13 +0000 (22:41 +0000)
committerRoland Häder <roland@mxchange.org>
Fri, 16 May 2008 22:41:13 +0000 (22:41 +0000)
inc/modules/admin.php
inc/modules/admin/admin-inc.php

index ad94f73f267ba03ca83d9788381c53f0ecf0c27e..cb73fecea022525744d1f1f26211dd5dd1e4eb67 100644 (file)
@@ -161,27 +161,21 @@ if (!isBooleanConstantAndTrue('admin_registered')) {
                switch ($ret)
                {
                case "done": // Admin and password are okay, so we log in now
-                       // Try to register the session variables
-                       if ((set_session("admin_md5", generatePassString(generateHash($_POST['pass'], __SALT)))) && (set_session("admin_login", $_POST['login'])) && (set_session("admin_last", time())) && (set_session("admin_to", $_POST['timeout']))) {
-                               // Construct URL and redirect
-                               $URL = URL."/modules.php?module=admin&amp;";
-
-                               // Rewrite overview module
-                               if ($GLOBALS['what'] == "overview") {
-                                       $GLOBALS['action'] = GET_ACTION($GLOBALS['module'], $GLOBALS['what']);
-                               }
-
-                               // Add data to URL
-                               if (!empty($GLOBALS['what'])) $URL .= "what=".$GLOBALS['what'];
-                                elseif (!empty($GLOBALS['action'])) $URL .= "action=".$GLOBALS['action'];
-                                elseif (!empty($_GET['area'])) $URL .= "area=".$_GET['area'];
+                       // Construct URL and redirect
+                       $URL = URL."/modules.php?module=admin&amp;";
 
-                               // Load URL
-                               LOAD_URL($URL);
-                       } else {
-                               OUTPUT_HTML("<STRONG class=\"admin_fatal\">".ADMIN_LOGIN_FAILED."</STRONG>");
-                               ADD_FATAL(CANNOT_REGISTER_SESS);
+                       // Rewrite overview module
+                       if ($GLOBALS['what'] == "overview") {
+                               $GLOBALS['action'] = GET_ACTION($GLOBALS['module'], $GLOBALS['what']);
                        }
+
+                       // Add data to URL
+                       if (!empty($GLOBALS['what'])) $URL .= "what=".$GLOBALS['what'];
+                        elseif (!empty($GLOBALS['action'])) $URL .= "action=".$GLOBALS['action'];
+                        elseif (!empty($_GET['area'])) $URL .= "area=".$_GET['area'];
+
+                       // Load URL
+                       LOAD_URL($URL);
                        break;
 
                case "404": // Administrator login not found
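Review bot: The three `$URL .=` lines in the `"done"` case append `$GLOBALS['what']`, `$GLOBALS['action']` and `$_GET['area']` to the redirect target without encoding; `$_GET['area']` comes straight from the request and the other two presumably do as well. Unless LOAD_URL() (not visible here) sanitises its argument, a crafted value can add extra parameters or line breaks to the redirect, so each value should be encoded, e.g. `$URL .= "area=".urlencode($_GET['area']);`. Separately, with the session setup moved out of this case, the `CANNOT_REGISTER_SESS` fatal is no longer raised in any visible hunk, so a session failure now looks the same as a wrong password. The switch continues outside the hunk.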
index ed245b5394ebca724e77b605630c6283edea495d..4d3cde5ab730a03bba13a61e79b3832635ce4f97 100644 (file)
@@ -97,6 +97,9 @@ function CHECK_ADMIN_LOGIN ($admin_login, $password)
 
        // Check if password is same
        if (($ret == "pass") && ($pass == generateHash($password, $salt)) && (!empty($salt)))   {
+               // Change the passord hash here
+               $pass = generateHash($password);
+
                // Update password
                $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_admins SET password='%s' WHERE login='%s' LIMIT 1",
                 array($pass, $admin_login), __FILE__, __LINE__);
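Review bot: The added `$pass = generateHash($password);` replaces the verified hash before the UPDATE, and the same `$pass` is handed to LOGIN_ADMIN() in the next hunk; the lines between the two hunks are not visible, so it is unclear whether a failed or zero-row UPDATE stops the login. If it does not, the session value would be derived from a hash that was never stored, and the later cookie check would presumably reject the admin. Consider continuing to the login only when the update succeeded. The comment could also say why the hash is regenerated, e.g. `// Re-hash the password on every successful login so the stored hash is rotated` (this also fixes the "passord" typo). That wording assumes generateHash() picks a fresh salt when none is passed, which should be confirmed.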
@@ -106,15 +109,39 @@ function CHECK_ADMIN_LOGIN ($admin_login, $password)
                        if ($cacheInstance->cache_file("admins", true)) $cacheInstance->cache_destroy();
                }
 
-               // Password matches!
-               $ret = "done";
+               // Login has failed by default... ;-)
+               $ret = "failed";
+
+               // Password matches so login here
+               if (LOGIN_ADMIN($admin_login, $pass)) {
+                       // All done now
+                       $ret = "done";
+               }
        } elseif ((empty($salt)) && ($ret == "pass")) {
                // Something bad went wrong
                $ret = "failed";
        }
+
+       // Return the result
        return $ret;
 }
 
+// Try to login the admin by setting some session/cookie variables
+function LOGIN_ADMIN ($adminLogin, $passHash) {
+       // Now set all session variables and return the result
+       return (
+               (
+                       set_session("admin_md5", generatePassString($passHash))
+               ) && (
+                       set_session("admin_login", $adminLogin)
+               ) && (
+                       set_session("admin_last", time())
+               ) && (
+                       set_session("admin_to", $_POST['timeout'])
+               )
+       );
+}
+
 // Only be executed on cookie checking
 function CHECK_ADMIN_COOKIES ($admin_login, $password) {
        global $cacheArray, $_CONFIG;
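Review bot: LOGIN_ADMIN() takes the login and hash as parameters but reads `$_POST['timeout']` itself and stores it in `admin_to` unchecked, so the session lifetime is whatever the request supplied and the helper only works when called from the login POST. Passing the timeout as a third argument and normalising it, e.g. `set_session("admin_to", max(0, (int) $timeout))`, ideally clamped to a configured maximum, would keep the function self-contained. `admin_md5` is still derived from the password hash; if set_session() (not visible) writes cookies, that value acts as a long-lived credential and deserves a comment saying so. CHECK_ADMIN_LOGIN starts above this hunk and CHECK_ADMIN_COOKIES continues below it.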